What’s next with hypervisors?


A  roundtable  discussion 
with  industry  experts 

BY  JOHN  DIX 


CLEAR CHOICE TEST
EXCLUSIVE

Cisco  impresses 
with  UCS 


THE RAPIDLY evolving world of hypervisors is complicated
by the fact that there are proprietary and open source
tools, and the latter are often pressed into service in
different ways.

To  get  a  handle  on  recent  developments,  Network 
World  Editor  in  Chief  John  Dix  corralled  a  panel  of 
experts  to  assess  where  we  are  today  and  where  we’re 
going. The experts included Al Gillen, an analyst at IDC who
tracks  virtualization  developments,  Kerry  Kim,  director  of 
solutions  marketing  at  SUSE,  and  Adam  Jollans,  program 
director  of  IBM’s  Linux  and  Open  Virtualization  Strategy. 




Integrated blades, networking and management make Unified
Computing System a strong candidate for your enterprise
data centers. Page 26


FROM THE EDITOR JOHN DIX

Tower, tower, come in tower


It  is  hard  to  put  your  finger  on  any  one  thing  that  sums 
up  developments  in  the  world  of  IT  this  year,  but  a  speaker 
at  one  of  Network  World’s  recent  IT  Roadmap  conferences 
had  an  interesting  analogy  that 
seems  apt. 

It  used  to  be,  he  said,  that  IT  would  design 
the  plane,  build  the  plane,  determine  where 
the  plane  needed  to  go  and  then  fly  it  there.  Today, 
running  IT  is  more  akin  to  being  in  the  control  tower 
coordinating  all  the  planes,  and  you  don’t  even  own  and 
operate  each  of  the  birds. 

Based  on  our  conversations  with  IT  practitioners, 
that  seems  about  right.  More  than  ever,  IT  today  is 
about  service  delivery.  And  while  the  industry  has  talked  about  the  need  to  shift 
the  focus  to  services  for  a  long  time,  anecdotally  it  seems  2011  was  a  turning 
point  of  sorts,  driven  in  part  by  the  consumerization  of  IT  and  in  part  by  the 
realization  that  cloud  is  real. 

When you don’t own the end point, which more and more shops had to concede
this year, it begins to force you to think of IT as a service. And with cloud
momentum building, you might as well start down that path because it maps nicely to
a future where your IT services will be from a mix of on-premise resources and
others hosted in the cloud.

Mark  Templeton,  CEO  of  Citrix  Systems,  summed  it  up  nicely  in  his  keynote 
at  Interop  in  May  when  he  said  the  new  IT  is  about  aggregating  and  owning 
services.  “We  need  an  end-to-end  model  for  stitching  stuff  together  to  deliver  these 
services.”  It  shouldn’t  matter  if  the  services  are  delivered  from  your  data  center 
or  a  cloud  provider’s,  or  if  they  are  consumed  at  a  company  desktop  or  an  iPad  in 
someone’s  home. 

The technologies we have at our disposal to deliver those services grew
increasingly rich and versatile this year, powered in the main by advances in
virtualization. And the more we virtualize — everything from servers to
desktops, applications, storage and the network — the more we have to rethink the
basic tenets of the data center, which this year gave rise to lots of discussion about
network and compute fabrics.

Which  ultimately,  of  course,  raises  questions  about  how  best  to  organize  IT  to 
optimize  these  increasingly  intertwined  disciplines,  a  key  consideration  for  2012. 
It  just  keeps  getting  more  interesting. 
Mythbusters' cannonball splash

THEY DID EVERYTHING right. First,
they were on a bomb range with other
professionals and the approval of
the police. Second, not only did they
admit fault, but went back to make
personal apologies. These are stand-up
people, and they look horrified and
dismayed that this accident happened
(Re: “Mythbusters accidentally set cannonball
on path of destruction”; tinyurl.com/7p5mo5o).

The  show,  the  people  and  the  police 
that  all  got  out  in  front  of  this  and  are 
admitting  to  the  problem  deserve  credit, 
because  it  is  rare.  In  a  country  where 
we  deny  everything,  we  have  a  bunch  of 
people  admitting  to  fault.  No  egos,  no 
excuses,  just  apologies. 

commentorx 

Shunning  Apple  servers 

WHY SCHOOLS AREN’T falling all over
themselves to migrate to Linux is beyond
me. It’s better on every possible level: cost
(both upfront and ongoing), freedom of
exploration for students, ability for students
and staff to use the same software at
home as in school at no cost (Re: “School
shuns Apple servers for Windows”;
tinyurl.com/c7mgn7p).

With  the  migration 
to  cloud-based  apps 
seeming  inevitable, 
making  that  change 
should  have  little  if 
any  effect  on  users, 
except  that  their 
desktops  won’t  a)  be 
vulnerable  to  viruses 
or  malware,  b)  be  a 
bloated  mess  that 
requires new computer hardware for each new release, and
c)  lock  them  into  an  expensive  ecosystem 
of  software  which  provides  a  value  far 
lower  than  its  cost. 

Dave  Lane 

APPLE STILL SELLS server products
that it claims are powerful enough to meet
enterprise-class needs, but in real-world
applications Apple’s servers cannot
handle the load. Supporting network
home directories combined with AFP
on Mac OS X Server is not stable with a
large number of concurrent connections
(75-plus in my experience). It crashed
every few weeks for us under that load
(and has for years across multiple versions
of the OS, on many iterations of
hardware, and after clean installs and
Apple-recommended tweaks).

I  love  the  Mac  OS  and  my  iDevices,  and 
we  are  very  happy  with  the  client  side  of 
our  Mac  deployment,  but  Apple  needs 
to  provide  reliable  tools  and  support  for 
back-end  enterprise  management  of  its 
products.  If  you  are  looking  for  solid  tools 
with  good  commercial-grade  support  for 
directory  authentication,  network  homes 
with  AFP,  and  pushing  out  managed 
preferences,  Windows  is  the  best  choice 
for  supporting  large  deployments  of  Mac 
clients  at  this  time. 

Adam  Gerson 

Gray  areas  in  car  cellphone  use 

BECAUSE BLANKET LAWS are so effective
(Re: “Federal safety board wants
nationwide ban on cellphone use in cars”;
tinyurl.com/8ytn6uf).

I  have  a  car  that  connects  to  my  phone 
so  I  can  use  it  hands-free.  Is  that  banned? 

I  sometimes  use  my  phone  as  a  GPS.  Is 
that  banned? 

What  if  I  am  in  the 
passenger  seat.  Is  that 
banned? 

What if I am stuck
in traffic (i.e. not moving)
and need to call
the office to say I will
be late. Is that banned?

EdLerner 

Carrier  IQ  alarm 

TREVOR ECKHART FOUND something that
should be researched.
So  take  it  to  the 
development  community  and  work  on 
it.  Have  peers  prove  it  to  be  right,  wrong 
or  partially  right.  Then  formulate  all 
that  data  and  present  something  that  is 
backed  up  and  supported.  Present  any 
additional  questions  and  information 
to  the  community  (Re:  “What’s  really 
going  on  with  Carrier  IQ  on  your  phone”; 
tinyurl.com/8838n3r). 

But  yelling  fire  in  a  crowded  theater 
and  presenting  a  technically  inaccurate 
video  to  millions  of  nontechnical  people 
is  wrong. 

sanchanim 
Chrome 15 tops IE8 as most popular browser

GOOGLE’S CHROME 15 browser is currently the
most-used  browser  in  the  world, 
according  to  new  data  from  Web 
analytics  firm  StatCounter.  Chrome 
15  captured  23.6%  of  the  worldwide 
market  in  the  last  week  of  November, 
nudging  out  Microsoft's  Internet  Explorer 
8,  which  took  23.5%  of  the  market.  The  only 
browser  versions  that  come  close  to  matching  Explorer 
8  and  Chrome  15  are  Mozilla's  Firefox  8,  which  took  a  12.12% 
market  share  in  the  last  week  of  November,  and  Internet 
Explorer  9,  which  grabbed  a  10.3%  share.  Internet  Explorer  is 
still  the  most-used  overall  browser  in  the  world,  however,  as 
various  versions  of  IE  were  used  by  roughly  40%  of  Web  users 
in  the  last  week  of  November.  Chrome  came  in  second  place 
worldwide with just over 26% of the global market share,
followed closely by Firefox, which took 25% of the global market
share. tinyurl.com/ckyjg48
Microsoft to start updating IE without asking

MICROSOFT NEXT year will change its automated
update process for the Internet Explorer (IE) Web browser to
push out the latest version of the browser for XP, Vista and
Windows 7 without the notification-style install prompt presented to
the end user today. Rival Google Chrome has had automatic,
no-questions-asked updates since its release in 2008. For those
who have opted into the general Windows Update process, the
current yes-or-not style install prompt for IE has confused
the end user and has slowed browser upgrades, says Ryan
Gavin, general manager of IE at Microsoft. Simply updating
IE automatically would be a more secure approach, he says.
“The browser is always a big attack space for malware,” says
Gavin. “Updating browsers is fairly simple. And security
researchers are unanimous about getting users to the
latest version.” tinyurl.com/bmnkw4x

Steve  Jobs, 
iPhone  5  top 
Google  2011 
search  list 

BASED ON the most popular 2011 Google search terms,
people were most interested in getting information on Apple
founder Steve Jobs, the iPhone 5, the iPad 2 and Google+. Out
of the billions of searches that people conducted on Google
this year, these were the top tech topics in the company’s annual
list of top searches. On the list of fastest-growing search terms,
Google’s new social networking site, Google+, came in at a
strong second, while the release of Battlefield 3, a first-person
shooter video game, came in at No. 5, and the anticipated
release of the iPhone 5 was No. 6. Google also released a list of
the fastest-growing searches for consumer electronics. Amazon’s
Kindle Fire topped that list, followed by Apple’s iPhone 4S, the
Sidekick 4G Android phone, the HP TouchPad and the Android
app SPB Shell 3D. tinyurl.com/br6rvrf


Future  tech 

In  this  year's  future 
technology  and  prototype 
review  we'll  take  a  look  at 
technologies  that  could 
one  day  be  commonplace, 
making  our  lives  easier  and 
more  enjoyable. 
tinyurl.com/7z3z7p2 


Feds  again  say 
LightSquared 
interferes 
with  GPS 


A SECOND round of tests on LightSquared’s proposed
land-based mobile data network again showed interference
with a majority of GPS devices, except for cellphones, two U.S.
federal departments said last week. LightSquared wants
to build a network of 4G LTE (Long-Term Evolution) base
stations around the U.S. that would operate on frequencies
close to those used by GPS receivers. “Preliminary
analysis of the test findings found no significant interference
with cellular phones,” the Department of Defense
and Department of Transportation said in a statement.
“However, the testing did show that LightSquared signals
caused harmful interference to the majority of other tested
general purpose GPS receivers. Separate analysis by the
Federal Aviation Administration also found interference with a
flight safety system designed to warn pilots of approaching
terrain.” LightSquared said it “profoundly” disagrees with
those assessments. tinyurl.

Apple contract, going once, going twice ...

GOOD TO see that Apple executives aren’t the only
ones making money off the company's hotness these
days. Sotheby’s last week sold the contract (on behalf
of a seller who acquired the documents from a manuscript
dealer) that launched Apple for roughly $1.6
million, way more than the $100,000 to $150,000
price put on the 35-year-old documents. Eduardo
Cisneros, CEO of Cisneros Corp., a Miami company,
bought the contract.

Yeah,  yeah,  we  know, 
you’re  creative 

IF YOU were really as “creative”
as your resume claims, you’d
use different terminology
to showcase your skills,
according to LinkedIn’s 2011
list of most overused words
and phrases. The online professional
network, whose membership has ballooned from 85
million a year ago to 135 million, says the term “creative”
is the one that pops up most often on LinkedIn
profiles not just in the United States, but in Australia,
Canada, Germany, the Netherlands and the United
Kingdom as well.


Shady  dealings 


THE U.S. Department of Justice has charged that six
ex-Siemens executives bribed Argentine government
officials in order to win a $1 billion contract to
provide national identity cards to the country’s
citizens. “The allegations in this indictment
reflect a stunning level of deception and corruption,”
said DOJ Assistant Attorney General
Lanny Breuer. The former Siemens executives
charged with violations under the Foreign Corrupt
Practices Act (FCPA) include Uriel Sharef, who was
on the Siemens board of directors. None of the defendants
currently work for Siemens. They each face up
to 20 years in prison.


Ban all electronics for drivers, safety agency urges

THE NATIONAL Transportation Safety Board recommended
last  week  that  states  outlaw 
the  use  of  all  electronic  devices 
while  driving,  including 
cellphones  with  hands-free 
kits.  The  board’s  proposal  goes 
beyond  laws  already  in  place  in 
many  states  against  texting  and 
against  using  phones  without 
hands-free  kits.  It  would  cover 
all  drivers  of  personal  as  well  as 
commercial  vehicles.  The  NTSB 
cannot  enact  or  enforce  laws 
itself  but  investigates  accidents 
and  issues  recommendations 
for  highway  safety.  In  the  past, 
it  has  recommended  state  laws 
for  seat  belt  use  and  other  safety 
measures.  “It  may  seem  like  it’s 
a  very  quick  call,  a  very  quick 
text,  a  tweet  or  an  update,  but 
accidents  happen  in  the  blink 
of  an  eye,”  NTSB  Chairwoman 
Deborah  A.P.  Hersman  said. 
“Thousands  of  lives  have  been 
lost  due  to  distraction.”  The 
agency  estimates  that  more  than 
3,000  people  died  in  2010  in 
distraction-related  accidents. 
tinyurl.com/7m3c9j8 

Comcast  expands 
IPv6  into  four 
more  states 

COMCAST CONTINUES to extend its leadership role in the
adoption of next-generation Internet services with the
news that it has expanded its production IPv6 deployment
into four more states — Illinois, Florida, Pennsylvania and New
Jersey — over the past six weeks. Comcast made the announcement
last week at a technical seminar sponsored by Network
World called “The Critical Path to IPv6.” Comcast launched
its production IPv6 deployment on Oct. 31 in the East Bay
area of San Francisco with 100 customers. Now Comcast says
it has more than 1,000 users of IPv6 nationwide. “We’ve seen
no technical issues. ... We’ve seen no increase in tech support
calls,” said John Brzozowski, chief architect for IPv6 and
distinguished engineer at Comcast, which has been a leader in the
deployment of IPv6 among U.S. ISPs. “For the vast majority of
people, it’s the same Internet the day after we deploy IPv6.”
tinyurl.com/cgjx9f9

Sonic.net plans 1Gbps fiber service in San Francisco

ISP SONIC.NET unveiled
an ambitious plan last week
to build a fiber network that
would reach most residences
and small businesses in San
Francisco with 1Gbps Internet
access. The so-called fiber-to-the-home
network would be
the first such citywide system
in  San  Francisco  and  would 
dramatically  exceed  the  current 
residential  speeds  offered  by 
AT&T  and  Comcast,  the  city’s 
major  ISPs.  It  could  draw  avid 
interest  in  the  city,  which  is  a 
hub  for  Internet  startups  and 
home  to  many  Silicon  Valley 
technology  workers.  But  such 
a  project  would  pose  daunting 
costs  and  regulatory  hurdles  for 
any  service  provider,  let  alone 
a  small  operator  such  as  Sonic. 
tinyurl.com/7a28l7p 
Vice President of Sprint's
Wireline services, including
international sales and alliance
partnerships, McGaffigan
and her team are
responsible for coordinating
Wireline platform strategy
and providing sales and
operations support of a $4.3
billion line of business. She
brings more than 20 years
of communications and
leadership expertise to her
current position.


FOR MORE INFORMATION: please visit www.sprint.com/convergence.

Managed Network Solutions:

Partner-provided  secure,  reliable  communications 
lets  business  focus  on  business 


Give  us  an  overview  of  Sprint's  vision 
of  what  comprises  Managed  Network 
Solutions. 

We  define  Managed  Network  Solutions  as  a 
communications-centric  subset  of  packaged 
offerings  that  provide  day-to-day,  operations- 
focused  management  functions  tied  to  specific 
network  and  network-related  technologies. 

Our  vision  is  to  provide  a  holistic  approach 
to  help  businesses  evolve  their  technology 
platform.  Our  portfolio  includes  planning, 
design  and  implementation  services,  and 
solutions  from  simple  monitoring  to  full  end- 
to-end  support,  managed  firewalls,  managed 
WAN  acceleration  and  managed  IP  telephony. 
We  also  have  a  group  dedicated  to  cloud 
consulting  services  to  complement  traditional 
managed  router  services. 

It is important to note that security is tightly
integrated at every level of the network. We
want to underscore white-glove customer
support and strong SLAs developed through a
deep understanding of the impact of convergence
on networks. We have been doing this
for more than 25 years, and have participated
in the migration of businesses to IP-based
services and the convergence of voice, video
and data.

Why  is  this  important  to  organizations 
today? 

Enterprises  are  seeking  new  and  innovative 
ways  to  keep  up  with  technology  and  grow 
their  business  without  being  diverted  from 
their  core  product  and  services.  With  limited 
resources,  engaging  a  trusted  partner  to  take 
on  less  strategic  activities  becomes  a  logical 
next  step. 

Of  course,  that  mandates  an  efficient 
network  design  that  sends  business-critical 
information  reliably  and  securely,  to  reduce 
delays  and  lost  business.  Companies  want  to 
increase  productivity  and  keep  branch  and 
remote  offices,  plus  an  increasingly  mobile 
workforce,  connected. 

Finally, multinational companies face increasing
complexities and need legal and regulatory
expertise to deal with security and other
issues of managing a worldwide network.


What  are  the  business  drivers  of  MNS? 

Businesses are operating with constrained
budgets. A strong MNS partner can help
improve operational efficiencies, reduce
capital expenditures and allow IT to focus on
their core, strategic competencies. MNS can
enable IT to be more nimble and flexible, and
to deploy new applications easily.

What  are  the  IT  drivers? 

There is enormous pressure on IT to deliver a
good customer experience both internally and
externally, so meeting end-user expectations is
the primary driver. IT generally looks to managed
solutions when they need to streamline
operational support requirements and to transfer
technology risk and capital investment.

Talk  about  the  most  often  realized  benefits 
of  this  strategy. 

The greatest benefit is the ability to quickly
deploy resources to focus on core competencies
and critical projects. Most companies are
not adding personnel in the current business
climate, however they do not want to lose out
on technology enablers. This strategy allows a
company to put those enablers into the hands
of a trusted partner. A few years ago, IT didn’t
want to let go of management—they were anxious
about it. But there has been a huge shift in
the tides. Managed solutions are the ideal way
to mitigate technical obsolescence, and gain
greater business agility.

What are the key considerations an IT
leader needs to keep in mind when evaluating
a Managed Network Solution?

There are three: Customer service, technology
and value. We hold ourselves to the highest
standards in our relationship with customers
and our end-to-end accountability. Businesses
should also have access to a self-service management
portal that provides visibility and transparency
to the health of their network. With
technology, the portfolio has to give customers
more than they could do themselves, and meet
the future needs of their business. Finally, the
ROI has to make sense. The business has to be
able to reduce costs through efficiencies.
Big enterprise news stories of 2011


Cisco  changes,  IPv6  taking  off  and 
OpenFlow  getting  attention  were  just  a  few 
of  the  hotter  enterprise  stories  of  2011 


BY  BOB  BROWN 


2011 COULD be described as “The Year of...” many things. The tablet market heated up
beyond the Apple iPad. 4G wireless took off with the emergence of big-time LTE networks.
Governments and hackers screamed for attention by taking down networks, while IPv6
generated interest for giving the Internet a way to carry on. The shift to cloud computing sped
up. Despite hiccups. Data centers took on new looks with the emergence of fabric-switching
architectures and a revamped Cisco. And the shape and faces of the industry changed as IBM,
HP and Google all announced new leaders. Apple of course will remember 2011 as the year
its iconic leader Steve Jobs died. Meanwhile, Microsoft, AT&T and Google made blockbuster
acquisition bids. Here’s a look back at a few of the stories that stood out in the enterprise arena.


Cisco  refocuses 

Following disappointing financial results
to start its fiscal year 2011, Cisco CEO John
Chambers this spring and summer was
forced to acknowledge that the company
had been caught off guard by dramatic
changes in its core switching and routing
market. Chambers pointed to lower profit
margins as customers switched over to
newer Cisco products like its Nexus line
of switches that boast better price/performance
ratios. He said the company needed
to make decisions faster and get leaner and
more focused, which translated into hiring
a COO, laying off some 6,500 employees
and ditching some of the businesses it
had expanded into, including Flip video
cameras.


OpenFlow  glows 

The big Interop 2011 show could almost
have been called the OpenFlow show given
that it served as one of the first significant
exhibitions of OpenFlow switches and controllers,
including those shown off in a lab
at the event. The software-defined networking
technology is designed to enable users
to define flows and determine what paths
those flows take through a network, regardless
of the underlying hardware. OpenFlow
stems from an open source project born of
a six-year research collaboration between
the University of California at Berkeley and
Stanford University, which hosted the first
ever Open Networking Summit in October
to hasten software-defined network development
and further spread the word about
the technology. OpenFlow has momentum,
but is far from a sure thing or the only game
in town, with heavy hitters such as Cisco
still weighing their options.


Microsoft  previews  Windows 
8  and  heads  into  the  clouds 

While it might seem that we’ve only begun
to know Windows 7, that Microsoft software
has been around now since 2009, so
the company has started cranking up Windows
8 hype. Steve Ballmer kicked off 2011
at CES in January by announcing Windows
8 would run not just on x86 hardware but
also on ARM processors so common on
tablet computers. Microsoft has further
tantalized potential users by demoing boot
times of less than 10 seconds for Windows
8 machines and previewing a user interface
dubbed Metro that borrows heavily from
the company’s touch-friendly Windows
Phone interface. Meanwhile, Microsoft is
not oblivious to the move many customers
are making to the cloud. Microsoft in June
debuted its Office 365 cloud service — the
company’s answer to Google Apps — and
the latest Microsoft offering designed to
expand the company’s reach beyond packaged
software. Microsoft is giving some
organizations big incentives to use the new
offering. Office 365 complements earlier
Microsoft cloud offerings, including its
Azure platform as a service, which hasn’t
caught on in a big way yet. Microsoft said
late in the year that Office 365 was proving
to be a big hit, especially with
small businesses.


Bring on IPv6

The Internet ran out of IPv4 address
space in early February when the Internet
Assigned Numbers Authority assigned two
of the remaining blocks of IPv4 addresses —
each containing 16.7 million addresses — to the
Asia Pacific Network Information Centre.
This action sparked an immediate distribution
of the remaining five blocks of
IPv4 address space, with one block going
to each of the five Regional Internet Registries.
With IPv4 addresses gone, Internet
policy makers ratcheted up the pressure
on network operators to migrate quickly
to IPv6, and World IPv6 Day, held in June,
showed off the capabilities and readiness of
the Internet Protocol as the update went off
with nary a hitch. World IPv6 Day, which
involved 400 organizations including big-name
content suppliers, carriers, hardware
vendors and software makers, was said
to be the most watched tech-related event
since New Year’s Eve 1999, when all eyes
were on the Y2K bug.


Big  Data  gets  bigger 

Big Data is one of those terms that despite
oozing of jargon and hype did become the
real deal in 2011, with major software
vendors such as Oracle and Sybase
rolling out Big Data products (in fact,
Oracle’s is called the Big Data Appliance),
and big-name investors like
Accel Partners putting its money behind
the concept, in the form of a $100 million
Big Data Fund for startups. Big Data refers
generally to the gobs of information generated
by websites, social networks, sensors
and other sources apart from traditional
enterprise applications and that can be
put to use for diverse business purposes if
organized and analyzed in a sophisticated
way. Gartner even added Big Data to its
2011 Hype Cycle for Emerging Technologies,
along with gamification and Internet
of things, and shows Big Data still has a
way to go before it hits the Peak of Inflated
Expectations.


Smartphones,  tablets 
rush  the  enterprise 

Many IT shops hemmed and hawed over the years about how to handle
employee-owned devices at work, but 2011 marked the year that many employees
forced employers’ hands, and increasingly, organizations decided allowing
employees to use what they wanted might be a win-win. A wider variety of
devices and useful apps, along with lower prices, have put smartphones,
tablets and other such devices into more people’s hands (Gartner reported
that smartphone sales to end users rose 42% in Q3 compared with Q3 last
year). And a batch of new multivendor device management tools from
third-party vendors as well as device makers such as RIM have made managing
heterogeneous mobile environments more feasible and secure.


LTE  everywhere 

AT&T  at  the  annual  CES  conference  in 
Las  Vegas  formally  announced  its  plans  to 
launch  LTE  services  during  the  summer 
of  2011  and  the  carrier  followed  through. 
AT&T  also  announced  that  it  would  be 
launching  about  20  different  “4G  devices” 
this  year,  although  many  would  actually 
run  on  its  3G  HSPA+  wireless  network. 
Separately,  Verizon  at  CES  showed  off  10 
LTE  devices  it  would  be  selling  in  the  first 
half  of  2011,  following  its  LTE  network 
launch  in  December  2010.  Meanwhile, 
Sprint  and  Clearwire  steadily  expanded 
their  WiMax  network  but  aired  plans  for 
LTE,  too.  All  of  this  made  for  more  of  a 
coming-of-age  than  a  coming-out  party  for 
4G wireless at the 4G World event in Chicago
during the fall.

Google’s  big  deal 

Google  announced  in  August  its  biggest 
acquisition  ever,  a  $12.5  billion  deal  for 
Motorola  Mobility  that  turns  out  to  be  in 
large  part  about  obtaining  oodles  of  patents 
that can be used to defend the Android ecosystem
against infringement lawsuits and
countersue  as  well.  The  deal  raised  plenty 
of  questions  regarding  that  ecosystem  of 
partners,  however,  such  as  whether  Google 
would  now  be  competing  with  phone  and 
tablet  makers  with  its  own  Droid  and  Xoom 
offerings  via  Motorola  Mobility.  ■ 


www.networkworld.com  DECEMBER  19, 2011  9 


2011’s  biggest 
security  snafus 

From  Anonymous  to  the  SCADA 
attack  that  wasn’t;  was  this  the  year 
of  the  advanced  persistent  threat? 

BY ELLEN MESSMER


Just  some  of  the  cyberattacks  this  year 


Mar.
Hackers steal data related to RSA secure tokens

20 Apr or earlier  Sony Playstation Network
Hackers steal personal information from millions of users in first of a
series of attacks on Sony

22 Apr*  Fox Networks
Lulzsec stole personal information of 70,000 X Factor contestants, database
and passwords from employees

May  Citigroup Inc.
Hackers take 200,000 customers' data

PERHAPS  IT  was  an  omen  of  what  was  to  come  when  the  city 
of  San  Francisco  on  New  Year’s  Eve  2010  couldn’t  get  a  backup 
system  running  in  its  Emergency  Operations  Center  because  no 
one  knew  the  password. 

But as 2011 begins to fade to black, we look back at the biggest security
snafus that made headlines, including data hacks attributed to everyone from
the shadowy group Anonymous to China. Some might even want to label 2011 the
year of the advanced persistent threat (APT).

APTs were bursting out all over. In just one example, Norway’s National
Security Agency in November disclosed that oil, gas and defense firms there
had been targeted by sophisticated attacks in which industrial secrets and
information about confidential contract negotiations were stolen. Ten
companies in Norway were said to have been hit by customized email containing
viruses that didn’t trigger anti-malware detection systems. The Norwegian
security agency didn’t state any probable source for the APTs there.

APTs weren’t the only problem. When RSA Executive Chairman Art Coviello in
mid-March announced that RSA had been hacked and information stolen linked to
its SecurID token authentication, that was just the start of trouble. In what
can be considered the data breach of the year, it became clear later on that
the attacker was going after RSA customers, including Lockheed Martin. The
cost of the RSA breach for parent company EMC was reported at $55 million in
the second quarter.

Read  on  for  a  look  at  some  of  the 
other  big  security  problems  this  year. 


Patch  that  hole! 

The YGN Ethical Hacker Group, the Burmese group which claims to do only
“ethical” hacking to expose software vulnerabilities, spotted vulnerabilities
in McAfee’s website and quietly contacted McAfee to tell the company about
them. But when McAfee didn’t fix the website, YGN went public in March,
causing some embarrassment to the security vendor, which says its customers
weren’t in danger. YGN, whose practice of unauthorized vulnerability testing
of public-facing websites does defy U.S. law, also got Apple, which had also
been a bit lax, to fix its developer website.


21 May  Lockheed Martin
Hacked but managed to stop attack before any critical data was stolen

30 May  PBS.org
Lulzsec defaced its website, posted a fake article and stole its database

1 Jun  Google
Email system hacked, attack suspected to originate from China

11 Jun  International Monetary Fund
Hack suspected to originate from a “foreign government”

13 Jun  Bethesda Game Studio; U.S. Senate (www.senate.gov)
Lulzsec hacked and released internal data from its servers

15 Jun  Bethesda Game Studio; U.S. Senate (www.senate.gov)
Lulzsec hacked and released internal data from its servers

19 Jun  SEGA
Hackers compromise accounts of some 1.3 million customers

3 Jul  Apple
Anonymous hacks into one of Apple’s servers, publishes internal usernames
and passwords

21 Jul  NATO
Anonymous and Lulzsec hack NATO servers, obtain 1GB of restricted data

19 Jul  Diginotar
A compromise of trusted SSL certificate vendor Diginotar resulted in
attackers obtaining fraudulent certificates that were indistinguishable from
legitimate certificates.

25 Oct  US police websites
Hacktivists disrupted dozens of US police websites and leaked the personal
details of up to 2,000 officers, apparently in protest at the treatment meted
out to supporters of the 'Occupy' protest movement

26 Oct  Mitsubishi Heavy
Attackers stole plans for fighter jets and nuclear power plant safety systems
during August's hack of Japanese defense contractor Mitsubishi Heavy, sources
in the country have claimed

18 Nov  Norway's National Security Agency
Oil, gas and defense firms there had been targeted by sophisticated attacks
in which industrial secrets and information about contract negotiations were
stolen

6 Dec  Adobe
An unpatched, or zero-day, vulnerability in Adobe Reader is exploited by
criminals. Those attacks may have been aimed at defense contractors


SOURCE: REUTERS
Open source hacked

These open-source bastions were scaled and taken last year: MySQL.com, the
Linux Foundation with Linux.com and Linux.org, and Kernel.org; plus open
source osCommerce software was compromised with malware. A Russian hacker
claimed to be selling root access to the MySQL domain for $3,000.


Russian  cyberattack  on 
Illinois  water  facility,  or  just 
a  contractor  who  happened 
to  be  on  a  trip  to  Russia? 


Was it a foreign cyberattack originating from an IP address in Russia that
hit an internal SCADA system at the Curran-Gardner Townships Public Water
District in central Illinois, causing a water pump, turned on and off
remotely, to burn out in November? The Illinois Statewide Terrorism &
Intelligence Center (STIC) issued a confidential report to this effect, which
was leaked in November by energy industry analyst and author Joe Weiss, who
read its contents to a reporter at the Washington Post. But in the media
uproar that followed, the FBI and Department of Homeland Security said they
investigated the Illinois STIC claims and could find nothing to validate
them. Sources say the network access from Russia is now linked to a
contractor working for Curran-Gardner Townships Public Water District who
happened to be in Russia when he remotely accessed Curran-Gardner’s network.
But DHS indicates “analysis of the incident is ongoing ...”


The  data-breach  hit 
parade  of  2011 

■ The so-called “Sony hack” in April allowed hackers to get customer
  information for 77 million members of Sony’s online PlayStation network,
  including credit-card numbers, an act that forced Sony to take down its
  service. In May, Sony said the attack cost it $170 million.

■ The once-obscure marketing firm Epsilon in April disclosed a hacker had
  stolen an estimated 2% of the customer names and addresses of its client
  base, impacting Walgreens, Best Buy, Citibank, JPMorgan Chase, Kroger’s
  supermarket chain and more.

■ When a string of SSL digital certificate providers, including Comodo,
  DigiNotar and GlobalSign, were breached, some of them allegedly by a
  21-year-old Iranian student calling himself “Comodohacker,” the fallout
  included the creation of a fake Google certificate (since revoked) that
  allowed the attacker to capture login details of a person’s Gmail account
  without a warning from the victim’s browser the site might not really be
  Google. DigiNotar, owned by Dutch-based Vasco Security Systems, went
  bankrupt as a result of the hack, especially after the Dutch government
  banned use of DigiNotar certificates.

■ U.S. government research labs, long a target for attack, were hit, with Oak
  Ridge National Laboratory in Tennessee forced to shut down its email and
  Internet access in April following a cyberattack in which phishing email
  was sent to some 573 lab employees. The Department of Energy’s Pacific
  Northwest Laboratory also shut down email and Internet connectivity after a
  similar type of spear-phishing attack in the summer.

■ In June, Citigroup acknowledged that hackers broke in and managed to steal
  credit-card numbers from about 360,000 affected clients. The fraud loss:
  $2.7 million.

■ The Texas State Comptroller’s Office fired its heads of information
  security and of innovation and technology after an inadvertent data leak
  that exposed Social Security numbers and other personal information on more
  than 3.2 million people in the state.

■ In November, a flood of porn — like photoshopped images of Justin Bieber in
  unmentionable acts — hit Facebook in what’s believed to be a “clickjacking
  exploit” against users.

■ Romanian authorities arrested a 26-year-old hacker accused of breaking into
  multiple NASA servers and causing $500,000 in damages to the U.S. space
  agency’s systems. Robert Butyka, said to use the handle “Iceman,” is
  expected to be tried in Romania.

Who’s  minding  the  app  stores? 

It  was  something  of  a  shock  when  Google 
in  March  was  forced  to  yank  down  about 
50 Android apps from its Android Market
after finding out they were actually
malicious  applications.  Dubbed  the 
DroidDream  malware  episode,  it  was  far 
worse  than  anything  that  had  hit  Google 
Android  Market  before. 

Big  year  for  Anonymous 

Last but hardly the least, 2011 was a banner year for the shadowy hacktivist
collective Anonymous, which generally targets business and government
organizations around the world whose practices are despised for one reason or
another, typically by hacking into networks to steal data and post it, or
launching attacks to take sites offline. In addition to the high-profile
attack last winter against security firm HBGary Federal, which was trying to
track the hacker group, Anonymous is believed to have led attacks on Koch
Industries, Bank of America and NATO, plus what ended up being a weak
distributed denial-of-service (DoS) attack on the New York Stock Exchange.
Anonymous played a role in spurring on the Occupy Wall Street movement
demonstrations around the world, not to mention San Francisco’s “Operation
Bart.”

Other actions this year from Anonymous are believed to have been against
online resources associated with Tunisia, Brazil, Zimbabwe, Turkey,
Australia, the Malaysian government and the Florida Chamber of Commerce. More
recent Anonymous hacktivism this year has focused on child-porn sites and the
Mexican drug cartel, which is accused of taking an Anonymous participant
captive.

Duqu:  Something  we’re  not  looking  forward  to 

The  virus  known  as  Duqu  hit  the  security  stage  in  October  when 
the  Hungarian  research  laboratory  CrySyS  shared  its  analysis  of 
the  new  threat  with  the  world’s  top  antivirus  vendors.  Security 
vendor  Kaspersky  Lab  then  identified  infections  with  the  new 
Duqu  malware  in  Sudan  and,  more  important,  in  Iran,  the  main 
target of the Trojan’s predecessor — Stuxnet. Believed to be closely
related to the Stuxnet industrial sabotage worm, from which it borrows
code and functionality, Duqu is a flexible malware delivery
framework used for data exfiltration.

The  main  Trojan  module  has  three  components:  a  kernel  driver, 
which  injects  a  rogue  library  (DLL)  into  system  processes;  the  DLL 
itself,  which  handles  communication  with  the  command-and- 
control  server  and  other  system  operations,  like  writing  registry 
entries  or  executing  files;  and  a  configuration  file. 

CrySyS  ultimately  released  a  toolkit  to  detect  and  remove  the 
virus  from  affected  systems.  Microsoft  too  released  a  Fix-it  tool  to 
allow  Windows  users  to  manually  patch  their  systems  to  thwart 
the  Duqu  threat.  Duqu  is  believed  to  have 
been  created  for  targeted  attacks  against 
organizations  and  it  is  likely  the  malware 
will  be  a  big  story  in  2012. 

10  Days  of  Rain 

A  multi-tiered  botnet  attacked  South 
Korean  computers  for  10  days  in  March, 
proving  to  be  a  stubborn  force  that 
couldn’t  be  taken  down.  Then  suddenly  it 
just  stopped,  with  the  malware  delivering 
a  coup  de  grace  to  the  zombie  machines 
that  destroyed  files  and  rendered  the 
machines  unbootable.  Security  experts 
at  McAfee  say  the  attack  was  launched 
from  North  Korea,  and  that  its  level  of 
sophistication — 40 command and control
servers, code updates to thwart detection,
multiple encryption schemes — was far
beyond what was needed to run an effective
distributed DoS attack. McAfee’s spin:
10 Days of Rain was a reconnaissance
mission designed to gauge how and how
quickly South Korea’s government and
military contractors would react — valuable
information for a later, truly damaging
attack. ■
Microsoft: Smart and dumb moves


BY  JULIE  BORT 


Love  it  or  hate  it,  Microsoft  is  a  company 
that  brings  out  strong  emotions  in  just 
about  every  IT  professional.  With  2011 
about to end, it is time for our picks of some
of the smartest moves this powerful software
company made this year — and some of the
moves we’d say were not so bright.


SMART 


1. Windows 8

If Microsoft wants Windows to remain a consumer favorite it has to break
loose of the one thing that has been both its biggest strength and biggest
weakness: backward compatibility of aging Windows software. While it’s
amazing that users can still run 16-bit Windows apps developed for Windows
3.1 on their Windows 7 machines, the need to support this decrepit population
of old Windows apps has also strangled Windows’ ability to remake itself.
With Windows 8, Windows 7 apps will remain compatible on Intel-based PCs, but
a whole new crop will be created for the new Metro-style UI. The trade-off in
asking people to ditch their ancient software is that Windows 8 apps promise
to be much less expensive — more in line with smartphone app prices than
traditional fat client prices.

2. Killing botnets

In 2011, Microsoft continued on its spam-fighting mission by taking down
botnets. By petitioning U.S. courts to shut down Internet domains, Microsoft
was able to put the squeeze on the Kelihos and Rustock botnets just as it had
hampered Waledac in 2010.

3.  Buying  Skype 

At $8.5 billion, Microsoft’s buy of Skype was one of the largest acquisitions
in the software industry this year. While it remains a little mysterious as
to why Microsoft wanted Skype when it already had Lync, Skype gives Microsoft
instant access to a broad base of consumers eager to IM, chat and
videoconference across their work PCs, game consoles and smartphones. During
the acquisition press conference, Steve Ballmer promised that Skype would
continue to be supported on all devices.

4. Everything Kinect

Although Kinect technically launched in 2010 (November), Microsoft did
everything right with it in 2011, including encouraging Kinect hacks by
releasing an SDK for noncommercial uses and supporting 10 Kinect startups.
Kinect has made Microsoft cool again to a whole new generation of gamers and
young technology users.

5. Championing HTML5

2011 was the year that Microsoft finally recognized that the “built it here”
attitude is a poor choice for everyone — particularly its developers — when
it comes to Internet applications. Microsoft’s backing of HTML5 started as a
whisper and grew to a full-throated cry by the time Microsoft demonstrated
Windows 8 and Internet Explorer 10 at its BUILD conference.


DUMB


1. Android racket

Running a Mafia-like Android patent protection scheme never creates goodwill
in the market place, and often invites government oversight and giant fines.
Now it’s true that at least some of Microsoft’s patent licenses involving
Android were also broad cross-patent license agreements with longtime
hardware partners (like Samsung). But by suing Barnes & Noble, Microsoft’s
plans are being exposed. Those plans indicate that Microsoft is trying to
force all makers of Android devices to pay it relatively exorbitant fees.

2. Windows 8 secure boot controversy

Microsoft again inflamed open source advocates when it told Windows 8
hardware makers that they would be required to implement the next-generation
boot specification in its “secure” mode. That spec is known as the Unified
Extensible Firmware Interface. When UEFI is in secure mode, it uses PKI to
prevent users from loading operating systems and drivers onto a device. In
other words, it could prevent device owners from installing Linux.

3. Windows cloud

Be it Microsoft’s cloud or its latest, greatest browser, Microsoft remains
abysmally slow in recognizing non-Windows platforms. Interestingly, Microsoft
executives have actually been making campaign promises about cloud apps
working on any device and on any operating system. For instance, in a recent
webcast, Microsoft’s Brad Anderson said, “Every service we build on the cloud
can run on every device.” He then pointed to Windows Intune as the example.
Intune is Microsoft’s managed software distribution and security monitoring
service released in early 2011 and upgraded in November. Anderson said that
Intune “enables users to work on any device” and that if Microsoft is going
to be able to “deliver” on the cloud, it can’t just be for Windows but “has
to be any device and that’s our strategy.” But Windows Intune currently only
supports Windows — and only Windows PCs running XP, Vista and Windows 7, not
even Windows Phone 7.

4. Sloth-like speed toward tablets

The world isn’t waiting until Windows 8 to buy tablets. Despite touch support
in Windows 7 and a 10-month-old partnership with mobile hardware maker Nokia,
Microsoft is still a near no-show in the tablet market. Forrester has even
gone so far as to say that by the time Windows 8 arrives, Microsoft will have
relinquished the market to others, including price/performance/feature
expectations.

5. Missteps with Office 365

In 2011, Microsoft released an upgraded version of its Business Productivity
Online Standard Suite (BPOS) and dubbed it Office 365. However, Office 365
rolled out with less than a perfect set of features (beta testers had
complained about limitations in importing contacts for shared global address
lists, and the requirement to use the complicated PowerShell to perform tasks
they felt should be simple). ■
Big events that shaped Cisco in 2011


BY JIM DUFFY


2011  WAS  a  tumultuously  transitional 
year  for  Cisco.  The  company  came  to  the 
realization  that  its  strategy  for  growth  by 
entering  new  markets  spread  it  too  thin, 
distracted  it  from  core  markets  and  hurt 
profits.  It  cost  thousands  of  employees 
their  jobs  and  forced  Cisco  to  scale  back 
on  its  aggressive  growth  plans.  Cisco  also 
looked  to  protect  and  gain  share  against 
HP  and  Juniper  while  honing  its  structure 
to  be  more  responsive  to 
customers.  These  and  other 
events  listed  below  helped 
define  Cisco  in  2011  and 
reshape  it  for  the  future: 


January

■ Upping the Internet TV ante with competitors Google, Microsoft and Apple,
  Cisco unveiled its Videoscape products and strategy at the Consumer
  Electronics Show. Videoscape is a cloud-based platform targeted at service
  providers looking to offer video services as a new revenue stream. It is
  designed to combine digital TV, online content, social media and other
  communications applications into an all-inclusive home and mobile video
  session.

February 

■ Cisco reports a disappointing second quarter in which revenue and profits
  in Ethernet switching drop amid a challenging product transition and
  distraction from adjacent markets, like consumer.
■ In an effort to streamline operations, Cisco names Gary Moore as its first
  COO, a post CEO John Chambers says he’s been lobbying to fill for 10 years
  despite the coincidental timing with profitability issues.

March 

■ Cisco hosts its Partner Summit in New Orleans where Chambers admits that
  the switching product transition issues caught the company by surprise.
■ Also, word leaks out that Cisco is developing an additional fabric switch
  line to Nexus, under the code-name “Jawbreaker.” Jawbreaker will use
  merchant silicon instead of custom ASICs, sources say, adding that it’s a
  response to Juniper’s QFabric launch.

April 

■ Chambers issues a memo to staff stating that Cisco’s lost focus, momentum
  and credibility after a couple of disappointing quarters. He acknowledges
  in the memo that Cisco is flawed, has failed to execute and been slow to
  make decisions over the past couple of quarters, and prepares employees for
  some major changes to come.
■ Major changes do subsequently come, as Cisco restructures its consumer
  business, dropping the Flip video camera, dispersing its Eos media and
  entertainment operating system technology, merging its Umi consumer
  TelePresence system with its business TelePresence operations, and cutting
  550 jobs.

May 

■ Cisco streamlines operations, revamping its sales, services and engineering
  organizations, and trimming its council-based management structure and
  lines of businesses. This is done in an effort to simplify operations and
  speed decision-making.
■ Cisco also reports an 18% drop in net income in the third quarter, and
  Chambers reiterates that the company still has its work cut out for it.

June 

■ In an effort to block inroads from Arista and IBM, Cisco announces its
  “high-performance trading fabric” anchored by the Nexus 3000 line and the
  Nexus 5500. Cisco claims these switches outperform Arista and IBM switches,
  obtained from its acquisition of Blade Network Technologies, in latency and
  jitter.

July 

■ Cisco eliminates 6,500 positions in its continuing efforts to streamline
  operations and regain lost profitability, the largest layoff in the tech
  industry in 2011. Cisco also sells a cable set-top box manufacturing
  facility in Mexico, eliminating another 5,000 Cisco jobs. Combined with the
  550 positions cut with the consumer business restructuring in April, Cisco
  has shed more than 12,000 employees.
■ Cisco adds life to its aging Catalyst 6500 switch by unveiling a 2Tbps
  supervisor engine for the most successful switch in Cisco’s history. The
  upgrade kicks off a war of words with rival HP.

August 

■ Cisco reports fourth quarter results that beat its and Wall Street’s
  expectations, even though the switching business continues to struggle.
■ Cisco releases results of a study that indicate that people 30 and younger,
  either working or in school, consider Internet access to be as vital to
  their lives as air, food and water. The findings stoke the debate on
  whether offices are necessary in an age where employees can work from
  anywhere as long as they have Internet access.

October 

■ Cisco launches a major upgrade to its Nexus 7000 switch with Fabric 2,
  which takes it to 15Tbps.
■ Cisco also collaborates with data center and switching rival HP to develop
  a blade switch for HP’s BladeSystem servers.
■ While collaborating with its rival, Cisco also criticizes HP. It issues a
  memo slamming HP’s consideration of exiting the PC, tablet and smartphone
  businesses, and the detrimental effect it will have on the company’s
  networking business. The memo is intended to arm Cisco’s sales force with
  some competitive ammunition and is another display of Cisco’s reinvigorated
  aggressiveness as it looks to recover lost momentum in previous quarters.

November 

■ Cisco blogs a challenge to HP to cease litigation against employees who
  leave the company to work elsewhere.

December 

■ Cisco announces CloudVerse, a package of new and existing products for
  customers looking to implement public, private and hybrid cloud computing
  environments. ■
► Virtualization, from page 1

What  are  some  of  the  key 
differences  between  the  various 
hypervisor  camps  at  this  point? 

KIM: One of the differences between proprietary products and the open source
hypervisors is we’re seeing a more rapid pace of innovation around open
source technologies and, in conjunction with that open development model,
more complementary modules and service and support options.

GILLEN:  I’m  the  first  one  to  agree  that  open 
source  solutions  tend  to  rev  very  quickly  and 
that’s  important  in  certain  market  segments, 
but  enterprise  customers  frankly  don’t  want 
to  have  that  kind  of  change  pushed  at  them. 
They  don’t  download  the  open  source  bits 
themselves,  they  go  to  a  commercial  provider 
like SUSE or Red Hat or Oracle and get a commercially
supported product. It’s not because
customers  don’t  want  innovation;  they  just 
can’t  really  embrace  the  innovation  as  quickly 
as  it  comes. 

JOLLANS: The big change happened around 2005 when we started to see hardware
support for virtualization in x86 processor lines from both Intel and AMD.
Before that, doing virtualization on x86 was actually quite difficult. With
hardware support, it became a lot easier, which opened up the opportunity for
many more hypervisors in the marketplace and really set the stage.

What would encourage someone to use a proprietary hypervisor vs.
one of the open source tools?

GILLEN: There are a couple of things that drive customers to choose
a hypervisor and it’s not always about the best technology. In many
cases customers chose a hypervisor based on the fact that they have
multiple platforms and they try to pick a common denominator; one
infrastructure that will support all of the servers they wish to
virtualize.

In other cases customers are going to make a decision based on the
relationship between the hypervisor and the operating system they
use, meaning they may choose a product from the same vendor so they
have a single stack of software. In some cases you find customers
making decisions influenced by their longer-term cloud infrastructure
plans. So it really comes down to what their infrastructure looks
like, what their background is, what their experience has been and
where their roadmap is going.

Is it a given that large enterprises will end up with a bunch of
hypervisors?

GILLEN: We see that happening today. In general, customers don’t
want to have three or four hypervisors, but we see them increasingly
having more than one. Many customers that made early commitments to
VMware, because it was in the market first, are adding other
hypervisors around the periphery for workloads they feel are better
suited for the alternate hypervisors. In other cases customers are
looking at the possibility of a long-term move from one hypervisor
product to another, so they begin to test and deploy another
hypervisor and get some experience with it and see if it’s going to
work for them. As a general rule, I would argue that most customers
don’t want to have any more diversification than they absolutely
have to.

KIM: I would echo a lot of what Al is saying, but for some customers
the need for certain features on the management side will dictate
the choice. Other times we see customers choosing a particular
hypervisor based on their tolerance to risk and their desire to
avoid lock-in with a proprietary vendor. And of course sometimes we
see customers making their choice based on price or value, how much
they think they can get for what they’re paying. For example, some
of the licensing we offer is appealing to customers because they can
run an unlimited number of virtual guests with one server
subscription.

JOLLANS: We’re also going to see an evolution over time from the
ability to manage multiple hypervisors to being able to manage the
whole virtual machine portfolio from one pane of glass. So whether
you’re managing VMware or Xen or KVM, you want to be able to have a
view of all the virtual machines in your enterprise.

Are there large differences in the capabilities supported by the
different toolsets?

GILLEN: You’ll find there are differences and the differences are
somewhat subtle. Sometimes it comes down to, for example, do you
have the ability to extend directory or federate into a cloud. Do
you have the ability to move blocks of IP addresses and bring
storage from one set of services to another, and how these things
are implemented differ from vendor to vendor. Some management and
cloud infrastructures are more suited to certain types of
environments. So, for example, if you’re looking at a System Center
management infrastructure you’re going to find it works a little
better with a Microsoft environment.

At the same time, if you’ve got a very mixed environment where
you’ve got two different flavors of Linux and Windows in the same
infrastructure, in many cases that’s the type of environment where
customers have a natural tendency to look toward VMware because
VMware is seen as having less of a platform agenda.

Kerry, you have a take on that?

KIM: Our business strategy has been to support customer choice in
terms of the management platforms that they want to use. So we’re
on the operating system and infrastructure layer and support various
third-party tools, whether they’re open source or proprietary.

JOLLANS: In terms of the management of hypervisors the homogenous
vs. heterogeneous is one of the key points. My expectation is it’s
going to get more heterogeneous than less heterogeneous. Either the
VMware tools need to be able to manage other hypervisors or you’ll
have to turn to tools like IBM’s VMControl, which can start to
manage multiple hypervisors. Now, in a cloud you possibly have a
pure environment because you’re going to optimize by
standardization. If you’re an enterprise IT center it will probably
be heterogeneous because the rest of the data center tends to be
heterogeneous anyway.

There had been a battle brewing between Xen and KVM, but with the
recent decision to add Xen to the Linux core (KVM is already there),
some of that has evaporated. What do you folks make of this recent
development?

GILLEN: Over the long term it’s more sustainable to have the
hypervisor built into the operating system simply because you don’t
have dual sets of development going on; you don’t have to develop a
set of drivers for every new piece of hardware that comes out. But
commercial support for Xen has waned somewhat. Although Xen is the
third most widely used hypervisor, the problem is there’s no one
single version of Xen used across these different places. Over time,
it’s going to be more and more difficult to sustain that Xen
development effort. I’m not suggesting Xen folds up shop and goes
home a year or two years from now. It’s a safe bet Xen’s going to
stay around for the rest of the decade.

JOLLANS: A lot of this is about the community and about the
ecosystem. If Xen diverts into multiple code bases then you don’t
get the same sort of community effects here. With KVM, along with
SUSE and Intel and HP and Red Hat and a number of others, we put
together a couple of groups recently: the Open Virtualization
Alliance, which is looking at how do you educate the market about
KVM, and more recently oVirt, which is about getting virtualization
management to a common code base as well. So if you can hold the
communities together and develop a single code base, then long term
you’ve got a much better future than if it diverges into several
code bases.

“Going forward we’re also going to find more hypervisor decisions
being driven by the management tools people want to use.”
AL GILLEN, ANALYST, IDC

How hard will it be for the rest of the camps to make headway
against VMware?

GILLEN: I don’t know if that’s the right way to think about it. We
don’t see companies going in and ripping out VMware and replacing it
with KVM or something else. We see customers over time start to
implement secondary hypervisors. In fact, getting VMware out once
it’s in is very challenging.

JOLLANS: One of the fun things about this industry is how fast the
technologies move because the rapid refresh rate represents
opportunities for new technology to come in. As people bring in new
servers, for example, there comes the question, should we continue
with the existing hypervisor structure or do we now think this is a
time to change to a new hypervisor strategy? So the market shares
can change and the whole dynamics of the industry move simply
because the refresh rate is happening.

GILLEN: If we dial out eight or 10 years from now you’re not going
to see VMware has contracted to 30% of the market and everybody else
is 70%. It’s going to be more a matter of the hypervisor market as
we think of it today will still exist, but the cloud market will
have grown enough that it will become the metric we’re measuring.

KIM: It’s similar to what we saw with the adoption of Linux. It
isn’t necessarily a displacement, although we have seen some
specific examples of platform migrations. It is more net new growth,
organically growing the enterprise data center around the solutions
that drive the business. That’s why we’ve chosen our particular
strategy to adopt support for multiple hypervisor technologies, as
well as in general, pursue a strategy that incorporates support for
mixed IT environments.

JOLLANS: An interesting question is, does the hypervisor
commoditize? Looking out five, 10 years, there’s all sorts of
possible ways it could commoditize. You could, for example, see the
hypervisor included with every operating system. There’s affinity
between KVM and Linux and affinity between Hyper-V and Windows,
which could tend to drive that. You could see the hypervisor go down
into the hardware so that every server comes with a hypervisor
embedded in it, in which case it’s commoditized in that aspect. Or
you could see it continue to be an independent hypervisor, or a
mixture of all three. These dynamics are going to shape the market
and I’m not sure we see how that plays out.

GILLEN: Hypervisors will continue to commoditize and going down to
the hardware is absolutely what they have to do. That’s where the
hypervisor technology belongs long term.

How will that change the whole environment?

GILLEN: I would argue that it doesn’t really change the game at all
because it’s not the hypervisor that defines the winners or losers,
but rather the software that goes around the hypervisor that gives
you the management capabilities. It gives you the services and self
provisioning capabilities. It gives you the capabilities of building
out a single image cloud that allows your next generation
applications to run. Those are the kinds of things that really are
going to shape the future.

So, your cloud provider might have one kind of hypervisor, some
servers you buy may come with another, and some special application
somewhere else may have a third ...

GILLEN: Yeah, I think that’s a fair way to look at it. What does a
hypervisor do? It provides a virtual image of what looks like a
piece of hardware to the operating system that runs on it, so do I
really care if it’s Brand A, Brand B or Brand C hypervisor? As long
as it looks like an x86 server to me my operating system is happy.
Where the differentiation comes in is the things that manage and do
things with those guest operating systems and the hypervisor itself.


What kind of developments do you expect in the next 12 months?

GILLEN: We’re seeing a lot of interest around private cloud. Over
the next year customers are going to be making some commitment to
what their private cloud strategy is going to look like, which means
vendors need to make sure those customers understand their road map
for delivering private cloud functionality. So the discussion really
starts to elevate above the hypervisor and it starts to be more
about, “OK, tell me what you can do to fill out my private cloud
story.”

The second thing is that KVM has arguably hit mainstream and we see
it as being very acceptable for customers to deploy. Now, will that
mean a real rush to KVM? The answer is no. We’ve been talking all
along here about how it becomes an evolutionary play rather than a
revolutionary play. So we would expect to see customers who deploy
commercially supported Linux deploy more and more KVM with those
Linux installations.

The third thing that’s going to happen in 2012 is that Microsoft is
going to bring out the next release of Hyper-V as part of Windows
Server 8. Microsoft has made a lot of improvements in their product.
They’re going to come forward with a product that’s pretty feature
rich and pretty capable.

JOLLANS: I also expect to see the virtualization management tools
for KVM maturing with a number of initiatives to fill out that
space. We’re going to see hypervisors become a standard part of the
operating system. And we’re going to start to see also people
exploring nested virtualization, which is something that has just
come into the Linux kernel. We’ve been doing a number of research
projects with those machines inside virtual machines which, for
scenarios like moving clouds about, could actually bring some
benefits.

KIM: I would echo the things that Al and Adam have said about the
evolution of the tools, the coexistence of the various technologies.
Without going into a lot of detail, you’ll also see fruits of our
technical collaboration with Microsoft that extend beyond
virtualization to some of the cloud solutions Microsoft will be
bringing out. ■


IT groups reveal best enterprise tablet tricks


BY JOHN COX

NEW-GENERATION TABLETS are being adopted en masse by enterprises,
despite the lack of any support infrastructure from the
manufacturers. Many enterprise users, and IT groups, are making
determined efforts to secure and manage tablets with whatever tools
are available.

We talked with IT pros and executives from three companies (see
chart) that have deployed tablets, and what follows is a summary of
their experiences to date.


1. How do you get tablet apps your end users need?

All three of the deployments here were at least initially built
around one mission-critical application.

Bayada was actually piloting a Windows Phone-based version of the
HCHB application (which requires an on-device database), when the
vendor introduced the Android tablet version. Bayada quickly shifted
to the tablet.

“When we went live on the [larger-screened] tablets, the training
time, the user satisfaction, the whole mood [of our employees] was
totally different,” says David Baiada, division director and
practice leader for Bayada’s Skilled Visit Services.

When Hawthorn Pharmaceuticals discovered that iPoint was being
ported to Apple iOS, the company asked the software vendor to speed
up development.

“We were maxed out on the iPaq,” says Clay Hilton, director of
information technology. “We wanted to do more. We wanted to gather
additional data.”

Ottawa Hospital, an early adopter of the original iPad, was ahead of
its software vendors. It turned to outside software development
shops, through an RFP process. CIO Dale Potter insisted that the
developer provide a full-time ergonomics expert for the application
design process, so that the app’s screen flows matched and mirrored
the workflows of end users. The hospital also made the decision to
invest heavily in internal iOS development: There are now close to
70 programmers.

“Cross-platform development is an expensive proposition,” says Greg
Jenko, executive director, mobility services for Accenture, the big
IT consultancy and systems integrator. “CIOs with BlackBerries,
Androids and iPhones are not going to invest in developing for all
three. They’ll pick one. The iPad is the one today.”


2. How big a problem is tablet security?

All three companies take tablet security seriously, yet none ran
into any stonewalls. The general consensus: Tablet security is
manageable, if you manage it.

Potter is blunt. “Security is grossly overrated as a topic,” he
says. In the case of Ottawa, very little data is stored on the
tablet. In fact, his analogy is that the iPads are like TV screens:
All information is streamed to the device. When the user logs off,
everything is flushed from memory. “And there are all kinds of
security strategies that can be applied to the device, such as
providing strong passwords,” he says.

It was a harder transition for Hawthorn’s Hilton.

“I cringed at the thought of purchasing for our sales force 100
devices running iTunes,” he admits. “I was used to a certain amount
of control [over client devices]. This was outside my comfort zone.”

Hawthorn makes use of some of the security features in Fiberlink’s
MaaS360 management application, such as automatically locking the
screen or wiping the device after a set number of failed logon
attempts. Hawthorn doesn’t use VPNs for the iPads, in part because
so much of the tablet’s usage is Web-based.

“We’ve got a sales [department] extranet, a Web portal accessed with
username/password,” he says. “Seventy-five percent of our employees
never touch the corporate LAN.”

Bayada relies on a framework of controls and application-level
security to safeguard personal health information, says Baiada. The
tablet’s SIM card can be remotely disabled if the device is lost or
stolen. “We wanted to start ‘open’ and then restrict as needed,” he
says.

Can you secure a corporate iPad to the degree you can a corporate
laptop?

“You can get pretty dang close,” says Accenture’s Jenko. Passwords,
a range of enforceable password policies, and the growing security
capabilities of mobile device management applications, are all
necessary elements. “The biggest challenge is that it’s a completely
different set of tools from those used with laptops,” he says.


Early tablet adopters in the enterprise

BAYADA NURSES

A Moorestown, N.J., company that provides nursing and other
home-based healthcare services. It has 14,000 nurses, aides,
therapists and social workers, based in 52 branch offices in 20
states. It has rolled out 2,000 Android-based, 7-inch Samsung Galaxy
Tabs so far.

Main application: Homecare Homebase (HCHB), www.hchb.com, a
Web-based app for managing and reporting on home-delivered services
to patients.

HAWTHORN PHARMACEUTICALS

A Madison, Miss., specialty pharmaceutical company founded in 1998.
Of 160 employees, 120 are sales staff. It has rolled out the Apple
iPad, replacing discontinued HP iPaq PDAs running Windows Mobile.

Main applications: iPoint customer relationship management
application, from Pharmaceutical Operations Provider; Fiberlink
MaaS360 for mobile device management and software distribution.

THE OTTAWA HOSPITAL

Ottawa, Ontario, hospital that has 3,000 iPads deployed to doctors,
interns and pharmacists.

Main applications: Custom-built apps, one for electronic ordering by
doctors of lab tests, medical imaging and medication, another for
electronic patient health records; MobileIron, for iOS device
management.

3. How will you manage the tablets?

“Mobile device management is a massive topic,” says Ottawa
Hospital’s Potter. “We’re not doing it well, because no one is. It’s
becoming critical to our deployment.”

Ottawa Hospital currently uses MobileIron. “At the time, it was the
only game in town,” Potter says. The hospital is readying an RFP to
revisit mobile device management as it prepares to deploy about
1,500 iPhones, to cover 5,000 nurses working in shifts. Shift-based
device management for iOS gear is “quite a hot topic,” Potter says.

Ottawa Hospital and Hawthorn rely on third-party management
applications, which create an infrastructure that both Apple and
Google lack. Both OS vendors have been introducing management APIs
that can be used by these applications. ■
TOOLS

Gmail Backup, a recipe for happiness

Before I get to this week’s main topic I must give a big thumbs-up
to a book that all of you who like to cook will thoroughly enjoy:
“Cooking for Geeks: Real Science, Great Hacks, and Good Food” by
Jeff Potter.


“Cooking for Geeks” lives up to its title combining, as it does,
lots of science with excellent explanations of how and why
ingredients and cooking techniques work and why they don’t. Oh, and
it has lots of well-written recipes. I have quite a few books about
cooking that get technical about food and cooking and Potter’s book
is one of the best.

While there’s lots of traditional foodie stuff in this book, if you
like the sound of Caramelized White Chocolate or Fruit Juice Foam
made with lecithin or Powdered Brown Butter, or using
methylcellulose and maltodextrin to make foods that melt in weird
ways, this book is definitely for you (and gets a rating of 5 out of
5).

Potter also has a website for the book, as well as a real “foodie”
blog. The book, its site and Potter’s blog are all highly
recommended.

So, onto another recipe ... a recipe for protecting yourself from a
“Googlesplosion,” and by Googlesplosion I mean Google losing its
Borg-like mind and obliterating all of your email. This has
happened, admittedly rarely, to some Google users over the last few
years and I, for one, do not want to become a digital fatality
should such a fate befall my Gmail account.

But here’s the problem: The tools I’ve tried for backing up IMAP
servers, such as Google’s Gmail, are mostly buggy or simply don’t
work, so I thought I’d struck gold the other day when a friend
mentioned a tool called Imapsize.

Imapsize is Windows freeware that does an impressive number of
useful IMAP-ish things, including displaying all of the mailboxes
under an account and flagging the mailboxes that use the most
storage, showing storage quota use, providing content search on
single or multiple mailboxes, deleting single or multiple
attachments without downloading, saving attachments locally from
multiple messages, mailbox and message management, copying messages
from one IMAP account to another and — the one I was interested in —
performing incremental backups of either entire IMAP accounts or
multiple folders in IMAP accounts.

I found that Imapsize worked ... mostly. It was randomly and
annoyingly buggy under Windows Vista Ultimate (for example, Imapsize
performed only a partial backup of my Gmail account then failed)
which is probably a result of the program not being updated since
2009. It is only noted to work on Windows 98, Windows Me, Windows
2000 and XP.

Despite its issues, Imapsize might be worth keeping around
installed, say, in a virtual machine running Windows XP for
diagnostic and maintenance purposes for IMAP accounts. The software
is, as far as I know, unique in its set of features. Imapsize gets a
rating of 2 out of 5.

So, having given up on Imapsize for backup purposes, I did a little
more research and discovered a program called, rather
unsurprisingly, Gmail Backup.

Created by Jan Svec and Filip Jurcicek, Gmail Backup is free and,
unlike Imapsize, seems to be bug free.

To execute Gmail Backup you only have to enter your Gmail account
details and off it goes ... downloading all of your messages onto
your local file system in Windows Mail E-Mail Message (.eml) format.

The download is into files named “YYYYMMDD-hhmmss-nn.eml” — only the
“nn” part needs explaining; contrary to the online documentation,
this is a string formed by appending the beginning of the subject
line to the sender’s email address followed by a sequence number to
eliminate naming collisions.

These files are saved into a subdirectory hierarchy of
year/month/day under whichever target subdirectory you select.

In my testing on an asymmetric DSL connection (3Mbps down, 500Kbps
up) I saw an average download rate of roughly 55KB per second which
equates to about five hours per gigabyte.

You can select a date range to download and optionally restrict
downloads to “Newest emails only” which performs incremental backups
of your Gmail account (Gmail Backup simply saves a timestamp of the
last backup in a control file in the backup subdirectory).

Gmail Backup also supports command line arguments such as:

gmail-backup.exe backup_dir user@gmail.com password 20070621 20080101

... and appending “-stamp” will perform an incremental backup.

Gmail Backup (which gets a rating of 5 out of 5) has solved my
worries about a “Googlesplosion” so that I can now concentrate on my
Christmas cooking plans. It is also proof that a good recipe can
solve any problem. ■

Gibbs  turns  on  the  heat  in  Ventura,  Calif. 
Your  ingredient  list  to  gearhead@gibbs.com. 
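
An added example, not part of the original column and not Gmail Backup’s own code: a Python check for a backup tree laid out as the column describes (year/month/day directories, YYYYMMDD-hhmmss-nn.eml names). It flags misplaced or truncated messages and diffs SHA-256 manifests between runs, since an incremental backup should only ever add files. The directory spelling, the control-file name and the sample messages are assumptions constructed for the demo.

```python
import hashlib
import re
import tempfile
from datetime import datetime
from email import message_from_bytes
from pathlib import Path

# Name shape taken from the column: YYYYMMDD-hhmmss-nn.eml, "nn" being free text.
NAME_RE = re.compile(r"^(\d{8})-(\d{6})-(.+)\.eml$")


def audit_backup(root):
    """Return (manifest, problems) for a backup tree.

    manifest: {relative path: SHA-256 hex digest} for every .eml file.
    problems: [(relative path, reason)] for files that break the layout.
    """
    root = Path(root)
    manifest, problems = {}, []
    for path in sorted(p for p in root.rglob("*.eml") if p.is_file()):
        rel_path = path.relative_to(root)
        rel = rel_path.as_posix()
        data = path.read_bytes()
        manifest[rel] = hashlib.sha256(data).hexdigest()

        match = NAME_RE.match(path.name)
        if not match:
            problems.append((rel, "name is not YYYYMMDD-hhmmss-nn.eml"))
            continue
        try:
            stamp = datetime.strptime(match.group(1) + match.group(2), "%Y%m%d%H%M%S")
        except ValueError:
            problems.append((rel, "name carries an impossible date or time"))
            continue

        # Assumption: the three directories above the file are year/month/day numbers.
        dirs = rel_path.parts[:-1][-3:]
        in_place = (len(dirs) == 3 and all(d.isdecimal() for d in dirs)
                    and tuple(map(int, dirs)) == (stamp.year, stamp.month, stamp.day))
        if not in_place:
            problems.append((rel, "not under its year/month/day directory"))

        # A download that failed part-way can leave a file without usable headers.
        msg = message_from_bytes(data)
        if not msg["From"] or not msg["Date"]:
            problems.append((rel, "missing From or Date header"))
    return manifest, problems


def diff_manifests(old, new):
    """Compare two runs: stored mail should never vanish or change, only grow."""
    return {
        "missing": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
    }


ALICE = "2011/12/05/20111205-093000-alice@example.com-Hello-1.eml"
BOB = "2011/12/06/20111205-101500-bob@example.com-Report-1.eml"
CAROL = "2011/12/06/20111206-080000-carol@example.com-Lunch-1.eml"
DAVE = "2011/12/07/20111207-120000-dave@example.com-Hi-1.eml"


def _eml(sender, date):
    return f"From: {sender}\r\nDate: {date}\r\n\r\nbody\r\n".encode()


def build_sample(root):
    """Write a small constructed backup tree (not real mail) for the demo."""
    files = {
        ALICE: _eml("alice@example.com", "Mon, 05 Dec 2011 09:30:00 +0000"),
        # Name says 5 December but the file sits in the 6 December directory.
        BOB: _eml("bob@example.com", "Mon, 05 Dec 2011 10:15:00 +0000"),
        # Zero-byte file, as a failed download might leave behind.
        CAROL: b"",
        # Stand-in for the tool's control file; its real name is not given in the column.
        "last-backup.stamp": b"20111206",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def run_demo():
    """Audit the sample, then simulate a later run and diff the two manifests."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample(root)
        before, problems = audit_backup(root)
        (root / ALICE).write_bytes((root / ALICE).read_bytes() + b"extra\r\n")  # altered
        (root / CAROL).unlink()                                                 # lost
        (root / DAVE).parent.mkdir(parents=True)
        (root / DAVE).write_bytes(_eml("dave@example.com", "Wed, 07 Dec 2011 12:00:00 +0000"))
        after, _ = audit_backup(root)
        return problems, diff_manifests(before, after)


if __name__ == "__main__":
    found, delta = run_demo()
    for rel, reason in found:
        print(f"PROBLEM {rel}: {reason}")
    print(delta)
```

Keeping the manifest from each run somewhere other than the backup directory lets the next run show whether anything other than new mail changed.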
HP’s touch-screen desktop continues to intrigue me

Keith Shaw’s Cool Tools

TouchSmart Desktop 610 Quad series by HP, starts at $1,350

► What it is: The latest version of HP’s all-in-one TouchSmart line
combines a desktop computer, touch-screen LCD monitor and a
television into one large device (no more separate desktop tower,
etc.). Specs include the second-generation Intel Core i7 quad-core
processor, 8GB of memory, 64-bit Windows 7 Home Premium OS, a 2TB
7200 RPM hard drive, 1GB AMD Radeon graphics card, slot-loaded
Blu-ray drive (free upgrade to Blu-ray writer) and 802.11n wireless
and Gigabit Ethernet port.


► Why it’s cool: The idea with the touch-screen and other integrated
features is to get the computer away from its traditional locations
(office, den, etc.) and into other spaces, such as a central living
room or kitchen area. It’s meant to be a system that the entire
family can use — this becomes obvious when you see the HP TouchSmart
overlay, which turns the display into a “virtual refrigerator,”
letting users place notes and other items onto the screen. HP uses
the term “magnets” to describe the widgets, post-it notes and other
shortcuts (such as a photo or piece of music) that users can touch
to activate. The TouchSmart overlay comes with additional apps, such
as direct access to Netflix, Twitter, eBay, photos/video/music and
even a recipe app (see? Kitchen placement!).

Another feature — the back of the unit can tilt more than 60 degrees
downward, making it almost flat to the ground. This makes it easier
for kitchen counter placement, where the user is standing and
looking downward, rather than on a desk or table, where the user is
sitting. The system also features HP LinkUp, which lets you
wirelessly access, update and save documents on any other notebook
on the home network from the desktop unit.

Photo caption: The back of the TouchSmart Desktop tilts to more than
60 degrees, making it perfect for the kitchen.

► Some caveats: With all of the latest specs regarding processor
speed and memory, I was a bit disappointed that USB 3.0 ports were
not included — transferring existing photos, videos and music would
be easier with a faster connection port. I also encountered
difficulty with the Netflix app on the HP overlay; it didn’t
recognize my login information, even if I opened up the browser and
logged in correctly. The overlay and touch-screen is a nice extra,
but most users would likely return to the mouse-and-keyboard inputs
after the novelty wears off.

► Bottom line: If you’re looking for a single unit that combines a
TV, computer and monitor (as well as something you can attach your
video games to), the TouchSmart series is worth a look. I’d
recommend this unit for use in a dorm room, for example, where space
is limited for a TV and computer. In office scenarios, the TV inputs
are likely useless, and the touch-screen aspects go away as well.

► Grade ★★★★ (out of five).

Shaw can be reached at kshaw@nww.com.

THE 

SCOOP 
EXPERTS FACE OFF on the HOTTEST TOPICS

IPS: Best of breed or integrated?


Demand 
the  best 


Martin  Roesch,  founder 
and  CTO,  Sourcefire 


FOR  MORE  THAN  A  DECADE  now  we’ve 
heard  about  how  “security  technol¬ 
ogy  X”  is  going  to  disappear  into 
“device  Y”  because  buyers  love  con¬ 
vergence.  But  despite  the  surety  of 
the  prognosticators,  one  fact  remains 
—  there  is  still  a  large  and  growing 
requirement  for  best-of-breed  intru¬ 
sion  prevention  systems  (IPS). 

I’ll also tell you a secret: you can
have best-of-breed IPS in an integrated
solution, but more on that
later. First, let’s talk about why
best-of-breed IPS is superior to an IPS that
is developed for and merely part of a
converged solution.

Why? Because best-of-breed solutions
provide high-fidelity, including:

■  Protection:  The  ability  to  detect  all  attacks  with  a  high  degree 
of  accuracy  while  also  being  difficult  to  evade. 

■ Performance: Devices are carefully designed to provide maximum
capability at maximum performance.

■  Flexibility:  Devices  are  focused  on  doing  a  few  things  very  well 
and  tend  to  be  very  flexible. 

■ Research: Systems that are backed by continuous content
updates (IDS/IPS, anti-malware, vulnerability management,
etc.) provided by a dedicated research team that is responsible
for developing content and performing original research.

When you look at the solution that Sourcefire offers, you can see
all of these concepts in play. In the latest round of NSS testing it
can be seen that Sourcefire’s IPS solution offers the best detection
capability, anti-evasion, vulnerability coverage
and performance of any IPS. Not only that, but we
continue to research new detection methods and
expand the capabilities of the underlying Snort
engine at every opportunity to maintain our leadership
in this industry.

Integrated solutions have a different set of
parameters that they work under. The goal of an
integrated system that incorporates a function
like IPS is generally not to provide the best IPS,
but instead to provide a “good enough” capability
along with several other core features and deliver a
lot of functionality for a lower cost. The reasoning
is that if security is made easy for people to acquire
and manage “under one roof,” we’ll see more adoption
of expanded functionality and, therefore, better
security.

Logically this makes sense, and experience
shows that you can integrate commodity

►  See  Sourcefire, page  24 


Integrated is best of breed

Wade Williamson, senior security analyst at Palo Alto Networks


Safest  approach? 

Best  of  breed — 32% 


Integrated solution — 68%

Cast your vote and see comments at tinyurl.com/7bj7bst


THE DEBATE BETWEEN AN INTEGRATED
or best-of-breed approach to IPS is a
false choice. Today, the best-of-breed
approach to IPS is the integrated
approach, and both the threat landscape
and the security industry itself
bear this out.

For more than a decade, the security
industry has attempted to solve
each new security challenge with a
new specialized box. This approach
is operationally impractical and ultimately
ineffective. Separate systems
create silos of information, lead to
device sprawl, and result in needless
overhead.

Just as important, as attacks have
grown more sophisticated, isolated
solutions lack the all-important context
needed to detect and remediate complex modern attacks.

Modern IT security threats have long since evolved beyond
the types of attacks that a stand-alone IPS was designed to solve.
Today’s attackers don’t limit themselves to simply running a vulnerability
exploit. Instead they use a blend of exploits, malware,
remote access tools, infected URLs and even unknown or customized
threats, all of which are further enabled by a variety of applications
that can proxy, tunnel and encrypt threats in order to evade
and hide from traditional security. To stop these types of threats
we must ensure visibility into the traffic itself, control all of the
various threat disciplines and do it all in context. A stand-alone
IPS does none of these things.

I’m sure the statements above raised a few hackles,
so let me provide a bit of support. First, any
modern discussion of cyberthreats should begin
with understanding how threats hide from security.
An IPS will miss every threat that it can’t see,
so the battle can be lost before traffic ever reaches
the IPS. This is where an integrated solution provides
important context and control that a stand-alone
IPS lacks.

As an example, consider how applications are
regularly used to hide and conceal threats. They
can encrypt traffic, hop ports or tunnel within
other applications to show up in unexpected
places. This is important given that IPS signatures
are typically applied based on port (e.g. apply signature
X on ports Y through Z). If the threat shows
up on a port outside the expected range, then the
signature never executes.

Beyond  evasive  applications,  proxies,  remote 

►  See  PaloAlto,  page  24 
functionality and not sacrifice too much capability. Unfortunately,
this  model  can  break  down  when  it  is  applied  haphazardly  via 
poorly  coupled  technology  integration,  or  if  too  much  is  asked  of 
a  device. 

Generally  speaking,  the  more  functionality  a  device  has,  the  more 
computing  power  it  requires.  When  devices  inevitably  become 
overloaded  and  affect  network  performance,  the  first  thing  to  go  is 
the  quality  of  protection  the  solution  provides;  users  rapidly  lose 
focus  on  the  reason  that  they  bought  the  solution  in  the  first  place. 

Unified  threat  management  (UTM)  tools  are  the  worst  offenders 
here.  Security  all  too  frequently  goes  from  a  model  of  “protect  us 
from  the  threats  we  face”  to  “protect  us  from  the  top  10  threats  on 
the  Internet  and  don’t  impact  anything.” 

Some  vendors  try  to  address  this  problem  by  building  custom 
hardware  and  chips  in  order  to  field  a  larger  detection  set  with 
merely  acceptable  performance,  but  all  too  often  this  comes  at  a 
price  of  protection  quality  and  flexibility. 

All of that said, best-of-breed technology can be part of an integrated
solution, and can function well, but it needs to be built with
a much different philosophy than described above. Sourcefire’s
approach as we built our own next-generation firewall was to concentrate
on bringing proven best-of-breed technologies together in
a way that was effective and powerful without sacrificing detection
quality, performance or flexibility.

This  no-compromise  approach  to  attacking  the  problem  is  a  new 
model  for  building  security  platforms  that  can  run  stand-alone, 
or  as  an  integrated  solution  that  still  provides  the  best  protection 
available  against  today’s  threats.  ■ 

With  solutions  from  the  network  to  the  endpoint,  Sourcefire 
provides  customers  with  "Agile  Security"  that  is  as  dynamic  as 
the  real  world  it  protects. 


► Palo Alto, from page 23

desktop tools, compressed traffic and purpose-built circumventing
tools like UltraSurf and Hamachi can all help an attacker avoid
detection. By contrast, a next-generation firewall inspects all traffic
regardless of port, so port evasion has no effect. Furthermore it
progressively decodes protocols and applications so traffic can’t
hide within and controls all application types so circumventors
aren’t allowed on the network.
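
The port-binding gap described above (a signature applied only "on ports Y through Z") can be measured on captured traffic samples. The following is an added example, not code from the article or from either vendor; the `Signature` and `Flow` types, the rule id and the marker string are constructed for illustration, and it models only port binding, not encryption or tunneling.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Signature:
    sid: int                 # constructed rule id
    pattern: bytes           # byte string searched for in the payload
    ports: Optional[range]   # destination ports the rule is bound to; None = any port


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes


def inspect(sigs: Sequence[Signature], flows: Sequence[Flow],
            honor_ports: bool) -> List[Tuple[int, int]]:
    """Return (flow index, sid) for every alert raised.

    honor_ports=True models the port-bound engine: a rule is skipped
    outright when the flow's destination port is outside its range.
    honor_ports=False models inspection regardless of port.
    """
    alerts = []
    for idx, flow in enumerate(flows):
        for sig in sigs:
            if honor_ports and sig.ports is not None and flow.dst_port not in sig.ports:
                continue  # the pattern is never evaluated for this flow
            if sig.pattern in flow.payload:
                alerts.append((idx, sig.sid))
    return alerts


def coverage_gaps(sigs: Sequence[Signature],
                  flows: Sequence[Flow]) -> Dict[int, List[int]]:
    """Map sid -> ports where the pattern was present but port binding skipped it."""
    seen = set(inspect(sigs, flows, honor_ports=True))
    gaps: Dict[int, List[int]] = {}
    for idx, sid in inspect(sigs, flows, honor_ports=False):
        if (idx, sid) not in seen:
            gaps.setdefault(sid, []).append(flows[idx].dst_port)
    return {sid: sorted(set(ports)) for sid, ports in gaps.items()}


# Constructed sample data: one rule bound to ports 80 through 89 and three
# flows, two of which carry the same harmless marker on different ports.
SIGS = [Signature(sid=1000001, pattern=b"X-Test-Marker: 1", ports=range(80, 90))]
FLOWS = [
    Flow(80, b"GET / HTTP/1.1\r\nX-Test-Marker: 1\r\n\r\n"),
    Flow(8443, b"GET / HTTP/1.1\r\nX-Test-Marker: 1\r\n\r\n"),
    Flow(80, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    print("port-bound alerts:   ", inspect(SIGS, FLOWS, honor_ports=True))
    print("port-agnostic alerts:", inspect(SIGS, FLOWS, honor_ports=False))
    print("coverage gaps:       ", coverage_gaps(SIGS, FLOWS))
```

A non-empty result from `coverage_gaps` lists, per rule, the ports on which matching content appeared without the rule ever running, which is the input needed to widen a rule's port range or move it to port-independent inspection.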

The problems for dedicated IPS don’t end with applications. A
modern network threat will blend vulnerability exploits, various
types of malware and remote websites and servers. All of these
components work together as part of the attack, and each piece
may be known or unknown to the security industry. Stand-alone
IPS only understands one of these components — the known vulnerability
exploit — while missing the rest.

Furthermore,  IPS  products  are  limited  to  known  vulnerabilities. 
While  all  modern  IPS  solutions  use  vulnerability  signatures,  this 
is  still  a  signature  based  on  something  that  is  known.  Anything 
truly  unknown  will  be  passed  on. 

As a result, the debate between stand-alone vs. integrated IPS is
relatively settled (at least for the time being). As the bad guys have
evolved from single-shot exploits to multi-dimensional, multi-vectored
threats, we can only play into their hands if we continue to
artificially segment our network security intelligence and enforcement
into specialized silos. ■

Palo  Alto  Networks  is  the  network  security  company.  Its 
next-generation  firewalls  integrate  application,  content  and 
user-aware  firewall  technology  with  IPS,  antivirus,  cloud-based 
anti-malware  and  other  technologies  to  stop  threats  and  prevent 
data  leakage  in  the  enterprise. 
No one ‘right’ answer

There will never be one “right” answer
to this question. If you are a small organization
that can only afford one device,
you’ll have to go with the “best” integrated
security solution you can get your hands
on. But what happens when your system
fails or is misconfigured? Your strategy is
then going to rely on host-based solutions
as backup. For larger organizations I still
recommend multiple lines of perimeter
defense. I look to use as much of the
multi-faceted security functionality as
a Palo Alto or similar will give me, but I
still want a safety net. JRATSECYURE

Specialized  tools  required 

Best of breed is right now the only
way to go. By that I mean specialized
tools designed to perform monitoring
tasks of a narrow set of issues. In more
than 12 years experience with Sourcefire
and other Top 5 IPSs, I can only say
that  all  are  becoming  less  effective  for 
measuring  attacks.  And  client-based 
tools  fare  no  better.  I  am  a  user/consumer 
of  these  products  at  a  large  aerospace 
firm.  Targeted  attacks  and  zero  days  in 
specialized  use  cases  are  rendering  IPSs 
useless.  Added  to  that  is  the  notion  that 
the  tech  support  organizations  at  these 
companies  are  not  equipped  to  instruct 
users  on  the  correct  way  to  configure  the 
devices  to  avoid  such  attacks.  Part  of  the 
issue  is  that  IPSs  are  mainly  designed 
for  large-scale  attacks,  and  what  we  are 
seeing  are  the  low  and  slow  variety  that 
evade  IPS  detection.  1NETSECEXPERT 

Not  mutually  exclusive 

The way this question is posed implies
an integrated solution cannot be best of
breed. I believe that up until the last few
years, UTMs attempted to roll multiple
functions onto the same iron for the specific
purpose of cost savings. Customers
knew  they  were  giving  away  effectiveness 
to  save  some  scratch.  Bolting  on  IPS  to 
a  firewall  only  delivered  60%  of  what  a 
stand-alone  IPS  could  but  it  was  better 
than  nothing.  In  the  last  few  years,  we’ve 
seen  the  emergence  of  integrated  security 
solutions  that  are  greater  than  the  sum 
of  their  parts.  IPS  is  struggling  with  the 
same  issues  as  desktop  AV:  Threats  are 
too  agile  and  evasive  for  “known  bad” 
technology  to  keep  up.  MANDEVUA 

Execution  is  key 

If executed properly an integrated
solution  can  be  better  than  best  of 
breed.  Better  TCO  and  ROI.  We’ve  used 
Palo  Alto  for  a  while  and  it  is  as  good  or 
even  better  than  the  IPS  solution  we’ve 
deployed  in  the  past.  JOHNTN72 
CLEAR CHOICE TEST: CISCO UNIFIED COMPUTING SYSTEM

Cisco  impresses  with  UCS 

Integrated  server  blades,  networking  and  mgmt.  make  UCS  a  strong  candidate 


BY  JOEL  SNYDER 

If  you’re  tempted  to  think  of  Cisco’s 
Unified  Computing  System  (UCS)  as 
just  another  blade  server  —  don’t.  In 
fact,  if  you  just  want  a  bunch  of  blades 
for  your  computer  room,  don’t  call 
Cisco  —  Dell,  HP  and  IBM  all  offer  simpler 
and  more  cost-effective  options. 

But,  if  you  want  an  integrated  compute 
farm  consisting  of  blade  servers  and  chassis, 
Ethernet  and  Fibre  Channel  interconnects, 
and  a  sophisticated  management  system, 
then  UCS  might  be  for  you. 

When Cisco introduced UCS in 2009,
based on a 2006 investment in Nuova Systems,
everyone had an opinion about Cisco
entering the server business. Now that it’s
had a couple of years to prove its case, we
wanted to take a closer look and see whether
UCS had lived up to the initial excitement.

We found that for some environments,
Cisco has brought a compelling and valuable
technology to market. Cisco UCS offers
enterprises greater agility and lower deployment
and maintenance costs, and is especially
attractive in virtualization environments.

While  UCS  won’t  be  attractive  in  some  data 
centers,  and  won’t  be  cost-effective  in  others, 
it  does  have  the  potential  to  make  life,  and 
computing,  easier  for  data  center  managers. 

Cisco UCS has three main components:
blade server chassis and blades, a fabric interconnect,
which is networking based on Cisco
Nexus 5000 switch hardware and software,
and a management system resident within
the fabric interconnect that controls it all.

The  blade  server  chassis  is  fairly  simple, 
and  there’s  a  competitive  selection  of  blade 
CPU  and  memory  options.  Networking  is 
integrated,  not  just  within  the  chassis,  but 
between  multiple  chassis  (up  to  about  20 
within  a  single  management  domain  today). 

But  what  really  makes  Cisco  UCS  worth 
considering  is  the  integrated  hardware  and 
configuration  management.  In  UCS,  a  single 
Java  application  (or  CLI)  is  used  to  manage 
the  hardware  and  network  configuration  for 
up  to  176  blades  today,  with  a  doubling  of  that 
expected  to  hit  the  streets  soon. 

The management system runs as a software
process inside of the (mandatory) UCS
6100- or 6200-series fabric interconnect
hardware, and is responsible for configuration
of the chassis, the blades and all networking
components.

If you follow Cisco’s advice and use two fabric
interconnects, you’ll have high availability
for networking, and high availability for

Cisco

Price

Pros

Simplifies  deployment  of 
blade  servers;  integrates 
storage  and  data  networking; 
based  on  10  gigabit 
interconnects  everywhere; 
ideal  for  VMware 
environments 

Cons 

“UCS tax” drives up per-blade
cost; might not be suited
to midsize environments or
ones that don’t change a lot;
benefits reduced if not using
Fibre Channel or don’t need
10G Ethernet

UCS  management.  The  management  system 
automatically  clusters  and  runs  in  an  active/ 
passive  high-availability  mode  spread  across 
the  two  fabric  interconnects. 

The management interface actually takes
the form of a documented XML-based API,
accessible either via Cisco-provided CLI or
GUI tools. You can also write your own tools
or buy third-party ones, directly via the API.
We used the Java-based UCS Manager software,
which is what anyone with a single
UCS domain would want to use, in most of
our testing.

Because a UCS domain is limited in size
today to about 175 servers connected to a
single pair of UCS fabric interconnects, it’s
likely that many customers will have at least
two domains for two data centers. In that case,
you can manage the two domains separately or
buy a third-party “orchestrator” package that
lets you work across domains. Cisco actually
offers a free open source tool called UCS Dashboard
that lets you roll up two or more UCS
domains into a single read-only view.

There  are  some  limitations  to  the  reach  of 
the  management  system.  For  example,  if  you 
provision  a  new  server  with  SAN  connections, 


there’s no way for the management interface
to reach over to the SAN to make the linkage
and match up Fibre Channel names. The
same is true for networking: Just because you
create a new VLAN using the UCS management
system doesn’t mean that the rest of your
network will know about it.

UCS  management  at  your  service 

UCS management is based largely on the concept
of “service profiles,” a series of parameters
that define every aspect of a single blade server.
That includes BIOS versions, power and disk
settings and network interface card configurations,
such as media access control addresses
and storage-area network identifiers.

Once  you  have  created  a  service  profile 
for  a  type  of  server,  you  use  it  whenever  you 
want  to  add  servers  to  your  mix.  Install  the 
blades,  and  then  apply  the  service  profiles  in 
an  “association  cycle.”  Within  a  few  minutes, 
a  server  can  be  provisioned  that  matches  your 
requirements. 

We can say one thing: You don’t know what
you’re missing until you’ve seen UCS management
in action. Getting a server from
out-of-the-box to ready-to-use is reduced to a bare
minimum of effort. This makes UCS ideal for
enterprise environments where the number of
servers is sizeable and growing continuously.

If you’re not constantly adding new servers,
and incurring the pain of configuration
and deployment, then an investment in UCS
is less compelling.

Digging  deeper  into  UCS  servers 

Cisco  UCS  may  be  all  about  management,  but 
if  the  servers  that  make  up  UCS  don’t  make 
the  grade,  then  there’s  no  point.  We  found  a 
solid  core  of  full-featured  blades,  but  also  a 
lot  of  obsolete  and  niche  UCS  products  on  the 
website  and  price  list  that  had  to  be  cut  away 
to  understand  what  was  really  important.  In 
both  servers,  and  in  networking  options,  Cisco 
has  a  lot  of  parts  that  confuse  the  issue,  making 
things  more  complicated  than  they  need  to  be. 

Cisco  currently  offers  B-series  (blade)  and 
C-series  (rack-mount  server)  options  for  UCS, 
although  the  B-series  are  all  that  matters.  The 
B-series  are  blades  that  go  into  an  eight-slot 
chassis  (the  UCS  5108),  and  the  C-series  are 
standard  1U  to  4U  rack-mount  servers. 

The B-series blades have changed over
time. Cisco started with an M1 series of blades,
some of which are still on its price list, and has
since gone through an upgrade cycle, offering
B200, B230, B250 and B440 M2 blades.
Today, the M2 series includes two-socket and
four-socket offerings based on Intel 5600 and
E7 series processors with four to 10 cores per
socket, CPU speeds up to 3.46GHz and with
up to 512GB of memory.

Blades come in both single-slot and double-slot
configurations, depending on the number
of disk drives and the amount of memory
you want. (Cisco confusingly calls these half-slot
and full-slot, which means they should
have called the 5108 chassis a 5104 chassis,
since it really only has four “full slots.”) Most
environments will be based on the single-slot
configuration, giving eight blades per chassis.

Compared to existing 1U servers from
traditional vendors, the B-series blades
stand up as very competitive offerings from
a technology point of view. In fact, with Cisco’s
Extended Memory Technology, some
B200 two-socket servers can have as much
as 384GB of memory, beating out traditional
rack-mounted Intel Xeon 5500/5600-based
servers that top out at 144GB or 288GB (using
very expensive and not-very-available 16GB
DIMMs). Even if you don’t want that much
memory, Cisco’s higher DIMM slot count lets
you use less expensive (per gigabyte) DIMMs
to achieve the same memory capacity.

As with any blade server, the focus is on network-based
storage via SAN rather than local
storage. The B-series blades all have the capability
to handle two or, in the case of the B440,
four drives, but local storage is extremely limited.
If more than four drives of local storage
on a single system are important, then blade
servers are probably not right for you.

The C-series includes six stand-alone
devices, from 1U to 4U and with a storage
capacity of between eight and 16 drives. Anyone
looking at UCS should focus exclusively
on the B-series, for two reasons. First, while
the C-series have most of the capabilities of the
B-series blades, they aren’t managed and controlled
in the same way, although Cisco told us
it is working to smooth out the differences.

Second, and more important, there’s just
not a lot of point in buying stand-alone servers
from Cisco. All of the advantages of UCS
disappear when you’re talking big servers
with lots of local disks. Once you put a lot of
disks on something, it’s no good for hypervisor
virtualization, and it’s no longer a cog in
the machine of the data center.

If  you  had  a  big  Cisco  blade  server  farm 
and  wanted  to  throw  one  or  two  rack-mount 
stand-alone  servers  in,  you  could  do  that  for 
a  special  purpose,  but  there’s  no  good  reason 
to  build  UCS  in  your  machine  room  based  on 
rack-mount  servers. 

Cisco’s blade chassis, the UCS 5108, is also
very competitive with other blade chassis on
the market. The 6U unit has four power supplies
and eight fan trays and is designed for
easy maintenance both of the chassis and the
blades inside of it. Features such as front-to-back
airflow and cabling are all set up for modern
data center environments. If you put the
UCS 5108 in your data center, you’re not going
to be surprised by any poor design choices.

On the other hand, the raw blade servers
you get in UCS are not going to stun you with
their brilliance either. Now that most servers
are being treated as commodity systems
using the same chipset, there’s not a lot of
room for computing innovation while maintaining
compatibility.

If  you’ve  been  buying  servers  by  the  dozen 
from  Dell,  IBM  and  HP,  Cisco’s  blade  server 
specifications  and  capabilities  aren’t  going 
to  be  very  far  afield  from  what  you’re  used  to. 

Networking  innovation 

UCS  is  primarily  a  server  product  designed  to 
be  sold  to  data  center  managers,  not  network 
managers,  but,  as  you  would  expect  from 
Cisco,  there’s  a  very  strong  awareness  of  the 
problems  of  networking  in  the  data  center. 

For example, a fully configured UCS chassis
with eight servers inside will usually only
require four power cables, and four data
cables to connect to the enterprise network:
two 10Gbps ports out of the interconnect card
on one side of the chassis and two out of the
card on the other side.

That’s not bad for eight servers, which
would traditionally require eight times as
many patch cords for both storage and networking,
and four (or more) times as many
power cables.

To understand the networking, you have
to see that Cisco has created a distributed
switch, extending all the way from the traditional
distribution-layer switch down to the
NIC in the blade server, and even to virtual
NICs in virtual machines running on a blade
server.

Cisco UCS includes two critical pieces that
make this large-scale distributed switch possible.
The first piece is the Fabric Extender,
the UCS 2104XP. This card — and you need
two of them per blade chassis, unless you are
simply building a test system — sits in the
UCS 5108 chassis, and aggregates the traffic
inside the blade server, including both
Ethernet and Fibre Channel, from all eight
blades over internal 10Gbps interconnects.
These fabric extenders shoot the traffic up to
the second critical piece, the Fabric Interconnects
(based on Cisco Nexus 5000 switch
hardware), over multiple 10Gbps connections.

The benefit of UCS to the network manager
is that everything, from the fabric interconnects
down to the Ethernet cards in the
blades, is managed as a single entity. There’s


Cisco  UCS 
pricing:  It’s 
complicated 

As  with  any  server  product,  there 
are  lots  of  ways  to  configure  UCS, 
including  different  levels  of  CPU, 
memory  and  storage.  Cisco  has  a 
29-page  document  to  help  you  get  it 
right,  and  29  pages  are  not  overkill. 
To  get  an  idea  of  what  this  might 
cost,  we  configured  two  separate 
systems:  one  with  40  dual-socket 
blades,  and  another  with  80  of  the 
same  blades. 

We  picked  Intel  5600-series 
(Westmere-EP)  X5675  CPUs,  each 
with  six  cores  running  at  3.06GHz, 
an  expensive  but  pretty  common 
choice  for  enterprise  virtualization 
workloads.  We  also  packed  in  96GB 
of  memory  for  each  system,  and  put 
in  only  a  single  small  SATA  drive  for 
booting,  logging  and  diagnostics. 

The  list  price  for  the  40-blade 
system  was  about  $950,000 
($23,850  per  blade,  or  $1,987  per 
core)  and  for  the  80-blade  system 
about  $1,850,000  ($22,980  per 
blade,  or  $1,915  per  core).  Cisco 
was  quick  to  remind  us  that  deals 
of  this  size  are  routinely  discounted 
40%  to  50%,  taking  the  totals  down 
to  $525,000  ($13,117  per  blade,  or 
$1,093  per  core)  for  40  blades  and 
$1,011,000  ($12,637  per  blade,  or 
$1,053  per  core)  for  the  80-blade 
system. 

We also calculated the “UCS tax,”
by comparing the cost of the blades
(CPUs, memory, hard drive, network
cards) and non-UCS networking
alternatives against the total cost
of the UCS integrated system. We
found that UCS has a “tax” of about
15%, meaning that you’re paying
about 15% more to have the benefits
of blade servers and integrated
storage/data networking compared
to just going do-it-yourself with 1U
servers, stand-alone switches, and,
in the case of the 80-blade system,
280 more patch cords.

—  Joel  Snyder 
no difference between the management of the
core switches, the top-of-rack switch configuration,
which wires go to what ports, or how
VMware networking is configured — it’s all
done by one person, the UCS chassis manager,
using Cisco’s UCS management tools.

The networking handoff between a Cisco
UCS domain of 100 or more servers and the
rest of the data center occurs at the fabric
interconnect, where a few Ethernet and Fibre
Channel connections link UCS to the core
LAN and Fibre Channel switches. It’s sophisticated
networking, but the details are hidden.
Remember that UCS is managed by server
managers with a minimum of requirement for
networking expertise. To set your expectations
properly, pretend that it doesn’t say “Cisco” on
that nameplate — this is not a network product,
but a server product.

Once the configuration is loaded into a blade,
the blade’s networking configuration is done
and isolated from other devices. That means
that when you start to load an operating system
on a configured blade, all you see are the
Ethernet and Fibre Channel ports configured
by the UCS manager.

In a VMware environment, the UCS manager
brings virtual ports to each virtual
machine. The VMware vSwitch is gone (if
you want), because the vSwitch has been
replaced by the UCS fabric extenders and
fabric interconnect, a true distributed physical
switch. There’s no need for the VMware
manager to understand VLANs, vSwitches,
or anything other than normal LAN and storage
interconnections.

These configured ports on blades show up
as virtual ports on the fabric interconnect.
Every virtual NIC on every VLAN (and every
Fibre Channel adapter) available to every
blade has become a port on the fabric interconnect,
literally thousands of them in some
situations.

While  the  fabric  interconnects  are  based 
on  the  same  hardware  as  Cisco’s  Nexus 
5000-series  switches,  you  don’t  get  the  full 
IOS  configuration  capability  you  might  have 
expected  on  the  Nexus  switch.  The  fabric 
interconnect  switches  traffic,  but  that’s  about 
it,  meaning  that  more  powerful  Layer  3  switch 
features,  such  as  routing  and  access  control 
lists,  are  not  available  at  this  level. 

If you’ve gotten used to advanced security
features of Cisco’s Nexus 1000V virtual
switch in your VMware environment, you
won’t find them in Cisco UCS, and you’d have
to combine UCS capabilities and the 1000V,
losing some of the benefits of UCS.

Cisco goes even further and strongly suggests
you run the fabric interconnect in “End
Host” mode, which disables spanning tree,
making the UCS domain connect up to your
network as if it were a really, really big host.
UCS then can spread the load of different
VLANs across all uplinks from the fabric
interconnect to the rest of the network. This
advice makes it clear who UCS is designed
for: not the network manager, but the server
hardware manager.

Strict  configuration  makes 
for  simplified  networking 

Networking flow in Cisco UCS is very hierarchical
and very constrained. Every blade connects
Ethernet data, Fibre Channel data and
some out-of-band management traffic, over
two private 10Gbps connections. These two
connections are internal within the chassis,
one from each blade to the two fabric extenders
also within the chassis (in the normal case).
The fabric extenders connect upward, out of
the chassis, to the fabric interconnects, typically
using two ports per fabric extender for
a total of four ports per chassis going to two
fabric interconnects.

From  the  fabric  interconnects,  Cisco  UCS 
connects  to  the  rest  of  your  Ethernet  and  Fibre 
Channel  network  via  separate  Fibre  Channel 
and 10Gbps Ethernet connections.

Some  variation  in  networking  is  possible, 
but  not  a  lot.  Cisco  has  multiple  Ethernet 
cards  available  for  the  blades,  but  most  net¬ 
work  managers  will  use  the  M81KR  adapter, 
code-named  “Palo,”  which  presents  itself  as 
Fibre  Channel  and  Ethernet  NICs  to  the  blade, 
and has two 10Gbps internal uplink ports.

There’s also an Ethernet-only card if you
don’t want Fibre Channel, which will save you
$300 a blade. However, if you’re not heavily
into Fibre Channel storage, all of the networking
integration and many of the provisioning
advantages of UCS won’t mean anything to
you — which suggests that UCS works best in
a Fibre Channel environment.

In  other  words,  if  you’re  using  iSCSI  or  local 
storage,  you’re  not  a  great  candidate  for  seeing 
the  advantages  of  UCS. 

When we looked at UCS last month, the
fabric extender was limited to the 2104XP,
which has eight internal ports (one for each
blade) and four uplink ports to the fabric
interconnect, all at 10Gbps. A 2208 model has been
announced (along with a matching high-density
Ethernet card), with 32 internal ports and
eight uplink ports, for the rare environment
where 10Gbps is just not enough for a single
blade.

The  fabric  interconnects  have  also  been 
revised.  Cisco  originally  released  the  UCS 
6120XP  and  UCS  6140XP,  able  to  handle  20 
and  40  chassis  ports  plus  uplink  capacity. 
The  current  replacement  for  both  is  the  UCS 
6248UP,  with  a  total  of  48  ports.  Depending 
on  how  the  rest  of  your  network  looks,  that 
would  leave  you  room  for  20  to  22  chassis  per 
switch.  The  unannounced-but-nearly-ready 
UCS  6296UP  would  double  those  numbers, 
allowing  up  to  44  chassis,  or  352  blades,  per 
UCS  domain. 

Those  maxima  are  pretty  important, 
because  you  can’t  grow  UCS  domains  (that’s 
the  word  Cisco  uses  for  a  combination  of  fab¬ 
ric  interconnects  and  chassis)  beyond  two 
peer-connected  fabric  interconnects. 

If  you  follow  best-practice  recommenda¬ 
tions  for  redundancy,  that  means  you  start 
with  two  fabric  interconnects  (which  are  clus¬ 
tered  into  a  single  management  unit),  and  can 
have  up  to  about  22  chassis,  or  176  blade  serv¬ 
ers,  per  UCS  domain  using  released  hardware. 
(Double  that  if  you’re  willing  to  wait  for  the 
UCS  6296UP  to  ship.) 

All  of  these  configuration  guidelines  and 
capabilities  make  UCS  networking  a  great  fit 
in  some  environments,  but  not  in  others. 

If  you’ve  had  networking  configuration  and 
management  problems  with  large  virtualiza¬ 
tion  environments  or  even  physical  environ¬ 
ments  with  lots  of  servers,  Cisco  UCS  pro¬ 
vides  a  dramatic  simplification  by  creating  a 
flat  distributed  switch  that  reaches  all  the  way 
down  to  each  guest  virtual  machine. 

If  you’ve  been  burned  by  cable  management 
problems,  or  if  the  idea  of  bundling  more  than 
150  servers  or  1,500  virtual  systems  into  four 
racks  with  80  internal  patch  cables  and  less 
than  10  external  patches  seems  like  a  good  one, 
then  the  network  density  and  roll-up  of  UCS 
will definitely drop your blood pressure. And
reduce the likelihood of patching and configuration
error.

Is  UCS  right  for  you? 

After  spending  a  week  looking  in-depth  at 
Cisco  UCS,  as  we  did,  it’s  easy  to  come  away 
excited  about  the  product.  The  engineering 
is  solid,  the  software  isn’t  buggy  and  UCS 
clearly  has  something  to  offer  to  the  data  cen¬ 
ter  manager. 

On  the  other  hand,  UCS  is  not  for  everyone. 
If  you’ve  only  got  100  servers  in  your  data 
center,  or  if  you’re  not  growing  racks  full  of 
servers  every  few  months,  you  won’t  enjoy 
the  management  interface,  because  you’re  not 
feeling  the  pain  of  deploying  servers. 

If  you’re  worried  about  single-vendor  lock- 
in  for  hardware  and  networking,  if  you  run 
the  same  application  on  10,000  servers  or  if 
capital  costs  for  servers  are  a  major  concern, 
Cisco  UCS  won’t  be  very  attractive  to  you. 

Cisco  UCS  is  thoroughly  modern  hardware. 
The  performance  (running  industry  stan¬ 
dard  benchmarks)  in  both  virtualization  and 
non-virtualization environments is outstanding.
Features such as power management,
hardware accessibility and high-speed networking
are what you’d want from a server
vendor.  Although  there  will  always  be  a  lin¬ 
gering  concern  whether  Cisco  will  stay  in  the 
server  business,  it’s  shown  evidence  of  con¬ 
tinuing  innovation  and  development,  and  solid 
commitment  from  customers  up  to  this  point. 

The  use  case  for  UCS  boils  down  to  two 
advantages:  agility,  and  shrinking  provision¬ 
ing  and  maintenance  time. 

Agility  because  UCS  treats  server  blades  the 
way  that  SANs  treat  disk  drives,  as  anonymous 
elements  that  are  brought  into  play  as  needed 
by  the  load.  When  you’re  layering  a  virtualiza¬ 
tion  workload  on  top  of  non-virtualized  servers, 
UCS  offers  some  of  the  benefits  of  virtualiza¬ 
tion  at  the  server  hardware  layer. 

One Cisco staffer called it “VMotion for bare
metal.”  It’s  not  exactly  that,  of  course,  but  the 
idea  is  the  same:  Virtual  or  non-virtual  work¬ 
loads  can  be  moved  around  computing  ele¬ 
ments.  This  makes  it  easy  to  upgrade  servers, 
to  manage  power,  to  balance  loads  around  data 
centers  and  to  maintain  hardware  in  a  high- 
availability  world. 

The shrinking of provisioning and
maintenance time comes from the management
interface. All of the little details of bringing
a new rack of servers online, from handling
Fibre Channel addressing to virtual or
physical  NICs,  to  cabling,  to  power  manage¬ 
ment,  to  making  sure  that  every  little  setting  is 
correct  —  they’re  all  taken  care  of  by  the  UCS 
management  layer,  either  using  Cisco’s  appli¬ 
cations,  a  multi-domain  orchestrator  from 
some  third  party  or  even  home-grown  tools. 

If  virtualization  is  one  of  the  first  steps  you 
take  to  gain  a  competitive  advantage  in  enter¬ 
prise  computing,  then  the  agility  and  flexibility 
that  UCS  delivers  are  good  second  steps.  ■ 

Snyder, a Network World Test Alliance
partner, is a senior partner at Opus One
in Tucson, Ariz. He can be reached at
Joel.Snyder@opus1.com.


Go online to see a video of
Joel Snyder in the lab with Cisco's
UCS: tinyurl.com/7ymj57j
CLEAR CHOICE TEST: UBUNTU 11.10: ONEIRIC OCELOT

Ubuntu  targets  smartphones,  clouds 

Canonical  lays  out  ambitious  road  map  with  latest  release 


BY TOM HENDERSON

Ubuntu  11.10  has  some  jagged 
edges  and  documentation  isn’t 
easy  to  locate,  but  Canonical  is 
certainly  dreaming  big  with 
this  latest  update,  dubbed 
Oneiric  (“dreamy”)  Ocelot. 

The  dreamy  part  is  in  the  fact  that  Canoni¬ 
cal  is  brushing  aside  criticism  over  its  recent 
move  to  replace  Gnome  with  the  new  Unity 
interface,  and  is  forging  ahead  with  ambi¬ 
tious  plans  to  take  the  Ubuntu  open  source 
desktop  OS  to  the  cloud,  the  server,  the  tablet 
and  the  smartphone. 

We’re  starting  to  get  used  to  Unity,  and  we 
found  it  works  on  many  more  display  adapt¬ 
ers  and  display  types  than  the  previous  ver¬ 
sion,  but  the  exact  types  that  are  compatible 
are  still  a  moving  target.  In  our  testing,  we 
couldn’t  find  a  machine  that  wasn’t  Unity 
compatible  —  including  as  a  virtual  machine 
on  Mac  OS  and  Parallels.  However,  we  wish 
that  Canonical  would  publish  a  Unity  com¬ 
patibility  list. 

We  were  able  to  hack  Unity  into  two  tab¬ 
lets,  an  Android-based  Motorola  Xoom  and  a 
webOS  HP  TouchPad,  but  it  took  a  bit  of  work. 
We  believe  that  Ubuntu  is  likely  to  be  seen  on 
commercially  marketed  tablets  soon. 

A  quotient  of  formerly  passionate  Ubuntu 
users  have  expressed  deep  dismay  over  the 
Unity  UI,  although  it’s  not  that  difficult  to 
swap  it  out  for  the  familiar  Gnome  UI. 

To  the  server  and  smartphone 

Ubuntu  11.10  features  server  support  for 
the  ARM  family  of  processors,  including  TI, 
Marvell  and  Freescale  ARM,  along  with  x86 
families  of  processors. 

While  ARM  is  known  for  small,  often  low- 
power  devices,  ARM  CPUs  are  also  the  crux 
of  very  high  CPU  density,  low-power  serv¬ 
ers.  Organizations  like  HP  have  announced, 
and  SeaMicro/Dell  are  delivering,  high-den¬ 
sity  ARM  server  platforms  —  albeit  in  the 
32-bit  world  that  somewhat  limits  potential 
performance. 

Apple  uses  ARM-based  CPUs,  and  while 
mainstream  servers  used  in  virtualization 
platforms  are  CISC  based  —  and  ARM  is  a 
RISC  processor  —  there  is  much  interest  in 
multi-CPU  ARM  platforms  —  even  in  smart¬ 
phones.  Canonical  seems  to  be  covering  the 
roulette  table. 

To  the  cloud 

Ubuntu 11.10 has replaced the Ubuntu
Enterprise Cloud construct with Ubuntu
Cloud  Infrastructure.  The  UEC  strategy  has 
taken  several  rapid  turns  since  our  review 
of  Ubuntu  10.04,  and  Canonical  introduces 
more  amalgamation  of  efforts  identified  by 
Ubuntu  Orchestra. 

The  Ubuntu  Orchestra  project  combines 
four  efforts  into  one  initiative.  We  found  the 
results  are  good,  but  mercurial.  Canonical 
personnel  have  described  the  effort  as  pur¬ 
posefully  lightweight,  rather  than  enterprise 
—  meaning  complex,  by  their  description. 

Orchestra’s  four  components  are  a  provi¬ 
sioning  server,  management  server,  logging 
server  and  monitoring  server.  The  four  com¬ 
ponents  are  designed  to  be  the  framework 
for  bare-metal  server  provisioning  on  a  fleet 
scale.  Compared  to  other  Linux  releases, 
there  are  any  number  of  components  missing; 
however,  some  of  the  infrastructure  can  be 
combined  with  Puppet  (found  first  in  Ubuntu 
11.04),  along  with  other  bits  and  pieces. 

Orchestra builds servers using PXE boot
services, which find DHCP and TFTP servers
(both required) to get images, which, in
turn, have bits sent to them as metadata to
uniquely configure them, or to configure like-type
servers (think Apache/Tomcat Web servers)
or those using pre-seeded server setups.

The  server  wakes  up,  gets  an  address  and 
summons  a  pre-configured  “remote  program 
load”  from  the  TFTP  server.  The  Cobbler 
package  builds  servers,  and  “racks”  them. 
The  main  difficulty  is  security;  TFTP  is  an 
insecure  (at  best)  protocol,  and  much  isolation 
must  be  performed  on  the  network  that  provi¬ 
sions  the  servers.  TFTP  uses  no  passwords. 
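As an added illustration (not code from Ubuntu, Cobbler or this review), the following decodes a TFTP request as laid out in RFC 1350 to show that the format carries no credential field, then audits requests against an assumed provisioning subnet. The subnet, addresses and file names are constructed sample values.

```python
import ipaddress
import struct

# TFTP opcodes from RFC 1350 (OACK added by RFC 2347).
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}


def parse_tftp_request(payload: bytes) -> dict:
    """Decode a TFTP read/write request: opcode, filename, mode, options.

    That is the entire request format. There is no field for a user name,
    password or token, so the server cannot tell one client from another.
    """
    if len(payload) < 4:
        raise ValueError("too short for a TFTP request")
    (opcode,) = struct.unpack("!H", payload[:2])
    op = OPCODES.get(opcode)
    if op not in ("RRQ", "WRQ"):
        raise ValueError(f"not a request packet (opcode {opcode})")
    if not payload.endswith(b"\x00"):
        raise ValueError("unterminated string in request")
    # After the opcode come NUL-terminated strings: filename, mode, then
    # optional name/value pairs (blksize, tsize, ...).
    fields = [f.decode("ascii", "replace") for f in payload[2:-1].split(b"\x00")]
    if len(fields) < 2 or len(fields) % 2:
        raise ValueError("malformed request fields")
    options = {fields[i].lower(): fields[i + 1] for i in range(2, len(fields), 2)}
    return {"op": op, "filename": fields[0], "mode": fields[1].lower(),
            "options": options}


def audit_requests(packets, provisioning_net: str) -> list:
    """Flag requests that break the isolation a PXE/TFTP segment depends on."""
    net = ipaddress.ip_network(provisioning_net)
    findings = []
    for src, payload in packets:
        try:
            req = parse_tftp_request(payload)
        except ValueError as exc:
            findings.append((src, "malformed", str(exc)))
            continue
        if ipaddress.ip_address(src) not in net:
            findings.append((src, "outside-provisioning-net", req["filename"]))
        if req["op"] == "WRQ":
            # Boot clients only read; a write could replace a boot image.
            findings.append((src, "write-request", req["filename"]))
    return findings


def _req(opcode: int, *strings: str) -> bytes:
    """Build a constructed sample request for the demonstration below."""
    return struct.pack("!H", opcode) + b"".join(s.encode() + b"\x00" for s in strings)


# Constructed sample traffic (UDP payloads sent to port 69); not captured data.
PROVISIONING_NET = "10.20.0.0/24"   # assumed provisioning VLAN
SAMPLE = [
    ("10.20.0.15", _req(1, "pxelinux.0", "octet", "blksize", "1468")),
    ("192.168.5.77", _req(1, "pxelinux.cfg/default", "octet")),
    ("10.20.0.99", _req(2, "pxelinux.cfg/default", "octet")),
    ("10.20.0.31", b"\x00\x01broken"),
]

if __name__ == "__main__":
    print(parse_tftp_request(SAMPLE[0][1]))
    for finding in audit_requests(SAMPLE, PROVISIONING_NET):
        print(finding)
```

Because nothing in the request identifies the sender, the source address and the request type are the only signals available, which is why the provisioning segment has to be isolated at the network layer.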

The  server  portion  of  Ubuntu  has  more 
cloud  components,  and  some  of  them  are 
renamed  components  found  in  earlier  edi¬ 
tions,  updated  nonetheless.  Juju  is  such  a 
product  effort,  formerly  known  as  Ensemble. 
Juju  is  an  infrastructure  platform  that  allows 
developers  to  build  rapidly  assembled 
prototyping  or  production  platforms  after 
spending  a  bit  of  time  building  relationship 
configurations. 

Juju sets up relationships in and among
server types, a level above what Orchestra
imparts,  to  tie  server  instances  together  into 
working  systems  consisting  of  interrelated 
processes,  like  Web  apps  getting  data  from 
database  servers  or  from  caching  servers. 

Sewn  together,  one  uses  Juju  to  relate 
individual  servers  together  in  meaningful 
ways  using  Ubuntu  instance  infrastructure 
to  build  related  systems.  An  example  we 
tried  took  Apache  servers,  tied  to  cache  and 
database  servers  as  mentioned  above.  The 
drill is to easily add in an additional cache
server that’s been pre-related to how the Web
and  database  server  works  (credentials,  IP 
addresses  and  other  metadata). 

The  Juju-based  repositories  were  also  the 
crux  of  our  test  to  see  if  we  could  use  the  com¬ 
binations  against  Amazon’s  Web  Service  EC2 
under  OpenStack.  We  spun  up  instances  after 
arming  Juju  with  our  AWS  credentials,  and 
conforming  them  to  our  security  require¬ 
ments  (which  also  includes  adding  them  to 
our CloudPassage barn).

The  process,  once  Juju  had  been  set  up,  took 
just  a  few  moments  to  seed  from  our  own 
servers  to  AWS.  We  encountered  no  errors, 
although  taking  down  our  cloud  actually 
took  longer  than  building  it. 

Overall 

Ubuntu  11.10  has  something  for  everyone, 
and  has  a  highly  entrepreneurial  flavor  that 
will  excite  developers.  Ubuntu  now  has  sev¬ 
eral  classes  of  potential  users,  and  both  the 
user  editions  and  server  editions  are  chang¬ 
ing  quickly.  Some  of  the  changes  have  a  loose- 
and-fast  feel  to  them,  rather  than  the  staid 
organizational  production  feel  that  Red  Hat 
applies  to  RHEL. 

We  found  that  Canonical’s  Ubuntu,  com¬ 
pared  to  Red  Hat  and  Attachmate/SUSE, 
seems  scrappier,  and  has  a  lot  of  energy 
behind  it.  There’s  also  a  certain  frustration 
in  having  to  chase  around  to  find  documen¬ 
tation  and  finding  that  projects  had  been 
renamed,  but  not  necessarily  re-focused. 

There’s  a  lot  of  muscularity  in  11.10  that’s 
been  building  for  a  while,  and  Canonical 
gives  the  feeling  that  it  can  turn  its  boat 
much  more  quickly  than  Red  Hat,  SUSE,  or 
even  Apple  and  Microsoft.  While  it  may  be 
true  that  Canonical  can  address  trends  more 
quickly,  that  energy  can  also  appear  direc¬ 
tionless,  even  when  it’s  not.  ■ 

Henderson  runs  ExtremeLabs  of 
Bloomington,  Ind.  You  can  reach  him  at 
kitchen-sink@extremelabs.com. 
Goodbye 2011 ... What a year!


WELL,  AS  we  are  just  a  hop,  skip  and  an 
eggnog  away  from  putting  on  silly  hats, 
drinking  champagne  and  kissing  random 
people  as  we  bid  goodbye  to  the  year,  it  behooves  me  to  look  into  the 
digital  rearview  mirror  and  ponder  what  we  can  see  rushing  away 
from  us. 

And  it  has  been  quite  a  year.  I  covered  much  of  what  had  stood  out 
over  the  last  11  months  in  my  late-November  Backspin  column,  “The 
Eighth  Annual  Gibbs  Golden  Turkey  Awards.” 

In  that  column  I  castigated  the  Federal  Communications  Commis¬ 
sion  for  its  clumsy  handling  of  its  net  neutrality  rules;  the  supporters 
of  S.J.Res.6,  a  resolution  that  attempted  (unsuccessfully)  to  overturn 
those  same  neutrality  rules;  HP,  Netflix  and  Research  in  Motion  for 
their  maladroit  management  and  lack  of  strategic  planning;  Google 
for  its  ill-conceived  “true  names”  policy  and  for  idiotically  collect¬ 
ing  unsecured  Wi-Fi  data;  people  who  have  unsecured  Wi-Fi  access 
points;  Nokia  for  thinking  that  Windows  Phone  7  could  save  them; 
and  Microsoft  for  making  Internet  Explorer  a  wretched  piece  of  $%A$. 

The  icing  on  the  rotten  turducken  and  the  winner  of  the  Grand 
Golden  Turkey  was  the  ongoing  effort  by  the  forces  of  Big  Media  to 
push  bills  through  the  House  and  the  Senate  that  would  allow  the  DOJ 
to  shutter  websites  that  were  accused  of  piracy.  These  bills,  “Prevent¬ 
ing  Real  Online  Threats  to  Economic  Creativity  and  Theft  of  Intel¬ 
lectual  Property  Act  of  2011”  (the  “PROTECT  IP  Act”)  and  the  “Stop 
Online  Piracy  Act”  (SOPA),  would,  if  passed,  legalize  the  violation  of 
“due  process”  by  assuming  guilt  before  innocence. 

Since my November column we’ve had CIQgate, the brouhaha over
the use of Carrier IQ’s embedded software by cellular service providers
to report on what consumers’ smartphones are doing. While the
whole  fracas  is  still  up  in  the  air,  CIQgate  seems  to  be  both  less  and 
more  than  it  first  appeared. 

CIQgate  was  less  because  it  seems  that  the  level  of  information  gath¬ 
ered  was  not  as  invasive  as  was  first  claimed.  On  the  other  hand  it  was 
also  more  because  the  potential  for  abuse  of  cell  users’  privacy  by  the 
carriers  and  the  government  is  not  inconsiderable  given  the  nature  of 
the  software. 

Altogether  the  2011  issues  and  entities  make  a  pretty  sad  collection. 
If  you  look  at  the  list  from  on  high  you  might  reasonably  conclude  that 
in  the  world  of  IT  business,  it  was  the  year  of  klutzes,  kluges,  ignorance 
and  apathy.  And,  to  some  extent,  you’d  be  right. 

I  have  to  digress  for  a  moment  to  point  out  the  one  bright  spot  was 
when  Adobe  admitted  that  HTML5  is  the  righteous  way  of  the  future 
(OK,  they  didn’t  quite  frame  it  like  that)  and  that  they’re  axing  Mobile 
Flash  and  Flash  for  connected  TVs  (and  I’ll  do  a  Romney  and  bet 
$10,000  that  the  rest  of  the  Flash  runtime  platform  will  not  last  for 
longer  than  two  more  years). 

So,  what  can  we  expect  for  2012?  For  that,  you’ll  have  to  wait  for 
my  “2012  Outlook”  column  in  the  forthcoming  Jan.  9  issue  of  Network 
World.  Until  then,  have  a  great  Christmas,  a  fantastic  New  Year,  and, 
fingers  crossed  ...  hell,  everything  crossed  ...  let’s  hope  that  2012  is 
better  than  2011.  ■ 

Gibbs  is  getting  festive  in  Ventura,  Calif.  Jingle  your  bells  at 
backspin@gibbs.com. 
Trashing the boss online still a bad idea, but ...


THREE  CONGRESSIONAL  aides  recently 
lost  their  jobs  in  part  because  they  are 
worthless  layabouts  who  drink  on  the  job, 
but  also  because  they  are  but  the  latest  to  forget  that  Twitter  lives  on 
the  Internet  and  tweets  —  especially  those  bad-mouthing  your  boss  — 
are  visible  to  one  and  all. 

It  is  an  inexplicably  common  memory  lapse,  certainly,  but  the 
behavior  on  display  in  this  instance  was  breathtaking  for  both  its  bra¬ 
zenness  and  stupidity.  U.S.  Rep.  Rick  Larsen,  a  Democrat  from  Wash¬ 
ington  state,  fired  the  trio  —  and  by  his  account  took  all  of  about  an 
hour  to  decide  to  do  it  after  being  informed  of  the  tweets. 

While  that  outcome  was  no  surprise,  a  Wall  Street  Journal  story  Dec.  2 
painted  a  different  picture,  one  in  which  the  conventional  wisdom  that 
a  non-union  employee  who  gets  fired  for  trashing  his  employer  online 
has  no  legal  recourse. 

It  turns  out  that  some  of  them  —  though  not  necessarily  the  three  for¬ 
mer  congressional  aides  —  might  indeed  escape  with  their  paychecks 
intact,  thanks  to  the  application  of  a  76-year-old  landmark  labor-pro¬ 
tection  law.  And  while  the  number  of  employees  involved  to  date  has 
been  small  —  about  100  over  the  past  year  —  their  ranks  are  growing 
and  it’s  easy  to  imagine  this  nascent  trend  exploding  into  full-scale 
legal,  political  and  social  wrangling. 

From  the  Journal  story:  “The  cases  turn  on  whether  online  post¬ 
ings  mirror  activity  that  is  protected  under  the  Wagner  Act,  as  [the 
National  Labor  Relations  Act  of  1935]  is  also  known.  Passed  in  part  to 
protect  collective-bargaining  rights,  the  law  grants  employees  a  right 
to engage in ‘protected concerted activity,’ such as discussing pay or
other conditions. Individuals can be protected if they are speaking
on  behalf  of  other  workers  about  the  workplace.  To  be  protected, 
there  must  be  group  activity,  in  intention  or  result,  said  NLRB  Act¬ 
ing  General  Counsel  Lafe  Solomon.  Mere  complaining  isn’t  protected, 
he  said.” 

The  examples  cited  in  the  story  —  a  worker  calling  her  boss  a  “scum¬ 
bag,”  a  car  salesman  complaining  that  the  food  offered  to  customers  by 
his  dealership  was  subpar  —  seemed  more  like  mere  complaining  than 
the  stuff  upon  which  labor  movements  are  built.  Yet  some  are  carrying 
the  day. 

And,  if  you  believe  in  the  right  to  unionize,  you  pretty  much  have  to 
believe  in  some  level  of  free-speech  legal  protections  for  non-unionized 
workers  who  would  seek  to  exercise  that  right,  because  any  right  to 
unionize  absent  such  protections  is  meaningless. 

Where  the  lines  get  drawn  is  what  this  issue  has  been  about  and  will 
be  about  going  forward. 

For  their  part,  employers  are  complaining  that  the  National  Labor 
Relations  Board  has  offered  little  guidance  to  date.  That’s  going  to  have 
to  change. 

In  the  meantime,  here’s  my  takeaway:  If  you’re  going  to  be  stupid 
enough  to  gripe  about  your  employer  on  Facebook  or  your  blog,  every 
post  —  if  not  every  sentence  —  should  begin  with  the  phrase,  “As  I  was 
explaining  to  the  group  at  lunch  today,  this  kind  of  thing  is  why  we 
need  a  union ...” 

And  make  sure  you’ve  got  the  number  of  a  good  lawyer.  ■ 

Have  a  workplace  tale  to  tell?  The  address  is  buzz@nww.com. 